Commit Graph

2725 Commits

Author SHA1 Message Date
Adrià Casajús
3a75686898
Generate a web session from an api key (#1224)
* Create a token to exchange for a cookie

* Added Route to exchange token for cookie

* add missing migration



Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-08-10 18:48:32 +02:00
Carlos Quintana
a9549c11d7
Rate limiting depending on user authenticated status (#1221)
* Rate limiting depending on user authenticated status

* Update app/extensions.py

Co-authored-by: Adrià Casajús <acasajus@users.noreply.github.com>

* Add rate_limiting tests

Co-authored-by: Adrià Casajús <acasajus@users.noreply.github.com>
2022-08-09 14:57:21 +02:00
Son Nguyen Kim
a88a8ff2be
add more logging (#1223) 2022-08-09 10:01:55 +02:00
Son Nguyen Kim
6c6deedf47
Stop paddle sub (#1216)
* admin can stop a paddle sub

* show admin menu if user is admin
2022-08-04 09:20:07 +02:00
Son Nguyen Kim
d72226aa19
show proton sub info on admin (#1207) 2022-08-01 20:49:05 +02:00
Carlos Quintana
a04152a37f
Do not allow SVG image uploads (#1198) 2022-07-29 08:52:51 +02:00
Adrià Casajús
25fde11a86
Refactor alias suffix (#1194)
* Extract suffix generation and validation to a module

* Updated tests

* Make custom alias use signed suffixes

* Added the signature check to the module

* Fix invalid route

* Move more suffix related stuff

* Fix tests

Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-07-27 17:40:22 +02:00
Adrià Casajús
bd044304f0
Added rate limit to resend activation email (#1192)
Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-07-26 14:57:26 +02:00
Adrià Casajús
f4c5198055
Remove ResetCodes after email change (#1191)
Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-07-26 14:43:31 +02:00
Son Nguyen Kim
97805173cb
remove envs used for proton beta link (#1189)
* remove envs used for proton beta link

* remove is_connect_with_proton_enabled()
2022-07-26 12:38:18 +02:00
Carlos Quintana
827e3a1acb
Implement mode for Login with Proton (#1186) 2022-07-26 09:55:24 +02:00
Son Nguyen Kim
6322e03996
admin can manage newsletter and test sending it (#1177)
* admin can manage newsletter and test sending it

* add comments

* comment

* doc

* not userID not specified, send the newsletter to current user

* automatically match textarea height to content when editing newsletter

* increase text height and limit img size to 100% in email template

* admin can send newsletter to a specific address
2022-07-22 11:24:53 +02:00
Carlos Quintana
7db3ec246e
Mitigate open redirect with OAuth (#1176)
* Mitigate open redirect with OAuth

* Fix tests
2022-07-21 14:23:08 +02:00
Adrià Casajús
3fa9db9bb7
Change default unsub behaviour to disable alias by default (#1174)
* Change default unsub behaviour to disable alias by default

* Alter default valut for unsub_behaviouur

* Added comments to the migration

Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-07-20 11:57:34 +02:00
Adrià Casajús
06c1c7f2f7
Restrict the number of free alias for new free users (#1155)
* Restrict the number of free alias for new free users

* Fix test

* Make flag reverse

Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-07-20 11:09:22 +02:00
Adrià Casajús
f3d47a1eaa
Allow users to keep the original unsub behaviour (#1148)
* Feature: Preserve original unsubscribe request

* Updated tests

* Updated settings

* PR comments

* reduced prefix length

* Include migrate users for new unsub behaviour

* PR comments

Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-07-19 17:25:21 +02:00
Adrià Casajús
afb2ab3758
Allow to configure mem storage from config (#1166)
* Allow to configure memory storage from config

* format

Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-07-19 08:25:59 +02:00
Son Nguyen Kim
36547bd82d
Update wording (#1163)
* rename file

* update wording when adding mailbox

* rename
2022-07-17 15:02:17 +02:00
Adrià Casajús
2837350204
Limit amount of imports (#1161)
* Limit amount of imports

* Review suggestions

* Format

Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-07-16 18:17:15 +02:00
Adrià Casajús
bcd4383e05
Sanitize the highlight contact id (#1160)
* Sanitize also parameter

* Formatting

Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-07-15 17:48:42 +02:00
Adrià Casajús
67be5ba050
Enforce int params in routes (#1159)
Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-07-15 17:10:00 +02:00
Son Nguyen Kim
f367acbeaf
Add next bill date on admin UI (#1154)
* add subscription next bill date on admin

* small refactor: remove unused param
2022-07-12 18:17:39 +02:00
Adrià Casajús
f75bdd006a
Fix: Allow internal link independent of enable log in with proton (#1151)
Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-07-11 09:41:20 +02:00
Adrià Casajús
82d0f44cab
Fix: Check if required session headers exist (#1145)
* Check session keys exist

* Update message

Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-07-05 22:26:48 +02:00
Adrià Casajús
494005eaa5
Fix: Add weird encodings to the list (#1146)
(cherry picked from commit cfed4061e7bf3e34c52518b905065055acb8858e)

Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-07-05 12:19:14 +02:00
Carlos Quintana
38d305da23
Bypass 2FA if Login with Proton (#1142)
* Bypass 2FA if Login with Proton

* Fix formatting of template
2022-07-04 16:24:49 +02:00
Adrià Casajús
c2bb6488e4
Allow to login with proton to enter sudo mode (#1141)
* Allow to login with proton to enter sudo mode

* Updated wording

* lint

* Only enabled if the user has the account linked

* Add exit-sudo route for tests

Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-07-04 16:09:36 +02:00
Carlos Quintana
e2f9ea4ae1
Capture exception on Login with Proton (#1140) 2022-07-04 15:40:17 +02:00
Son Nguyen Kim
6d86e64d65
show msg on /internal/integrations/proton (#1139)
* show msg on /internal/integrations/proton

* highlight the connect with Proton section

* djlint
2022-07-04 15:39:12 +02:00
Adrià Casajús
38c9138cdb
Fix: When logging with parter create accounts with lowercase emails (#1137)
* Fix: When logging with parter create accounts with lowercase emails

* Sanitize emails instead of just lowercase them

* linting

Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-07-04 11:51:43 +02:00
Son Nguyen Kim
66a2152ea3
Compute Proton metrics (#1135)
* compute nb_proton_premium

* compute nb_proton_user
2022-07-04 11:40:29 +02:00
Son Nguyen Kim
02b39f98b7
fix cron job (#1134) 2022-07-04 11:05:42 +02:00
Son Nguyen Kim
8799691f99
allow admin to disable spoofing check on an alias (#1133) 2022-07-04 11:05:13 +02:00
Adrià Casajús
aabcc8e72a
Feature: Add delete account route for the api (#1132)
Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-07-02 16:45:58 +02:00
Adrià Casajús
88dd07e48d
Feature: Use new job status to retry killed jobs (#1130)
* Feature: Use new job status to retry killed jobs

* Set attermpts and time via config

* Update timing condition

Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-07-01 11:14:53 +02:00
Adrià Casajús
8b89a428e0
Fix: clear next in the session before triggering a login (#1129)
* Fix: clear next in the session before triggering a login

* Format

Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-06-30 15:41:50 +02:00
Adrià Casajús
21feced342
Refactor unsubscribe handling (#1090)
* Refactor unsubscribe email handling

* MR comments

* Moved all unsub logic to the encoder

* remove unused

Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-06-30 11:40:01 +02:00
Carlos Quintana
d06470a3c6
Activate users created with account link (#1124) 2022-06-29 16:55:20 +02:00
Carlos Quintana
9abb8aa47f
Validate user uploaded image (#1123)
* Validate user uploaded image

* Fix test/data path detection
2022-06-29 15:04:55 +02:00
Son Nguyen Kim
f6a7ee981a
do not send double subscription email (#1118)
* do not send double subscription email

* remove unused import

* remove unused test
2022-06-28 17:51:44 +02:00
Son Nguyen Kim
75c710a6ab
small refactoring (#1120) 2022-06-28 17:21:23 +02:00
Adrià Casajús
aac493ad2f
Update docs and error message for sudo route (#1117)
* Update docs and error message for sudo route

* Fix

Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-06-28 14:40:06 +02:00
Carlos Quintana
07b7f40371
Fix prompt user to upgrade to proton account (#1116) 2022-06-28 12:36:21 +02:00
Son Nguyen Kim
89062edc06
show cancel status in "Current plan" section (#1114)
* show cancel status in "Current plan" section

* do not show upgrade button for canceled paddle sub
2022-06-28 11:58:04 +02:00
Carlos Quintana
dd0598a4dd
Send welcome email when user created by login with proton (#1115)
* Send welcome email when user created by login with proton

* Add dedicated test to user.created_by_partner
2022-06-28 11:57:21 +02:00
Adrià Casajús
5fa41d6ccf
Add state management to job (#1113)
* Add state management to job

* Add migration

Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-06-28 09:22:48 +02:00
Carlos Quintana
686f4f3f68
Always check redirect_uri for oauth (#1111)
* Always check redirect_uri for oauth

* Fix OAuth tests
2022-06-27 13:20:18 +02:00
Carlos Quintana
f58c4a9a50
Show premium subscription managed by partner (#1112) 2022-06-27 13:17:30 +02:00
Adrià Casajús
de31e6d072
Allow to set sudo mode for api requests (#1108)
* Allow to set sudo mode for api requests

* Rebase migration on top of master

* PR comments

* Added missing migration

* Removed unused import

* Apply suggestions from code review

Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-06-23 14:26:36 +02:00
Adrià Casajús
9cc9d38dce
Propose upgrade proton account for proton partner users without paid mail plan (#1106)
* Propose upgrade proton account for proton partner users without paid mail plan

* Reformat js

* Initial display via jinja

* tweak ui: add a ---OR--- separator

* use collapse to show SL upgrade option

Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
Co-authored-by: Son <nguyenkims@users.noreply.github.com>
2022-06-23 12:26:02 +02:00
Son Nguyen Kim
09cec0cdec
allow to hide some public domains and set their order (#1107) 2022-06-22 18:21:19 +02:00
Adrià Casajús
99ce10a1bc
Send email to users with a subscription and a partner plan upgrade (#1101)
* Send email to users with a subscription and a partner plan upgrade

* Update double-subscription-partner.html

* Update double-subscription-partner.txt.jinja2

Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
Co-authored-by: Son Nguyen Kim <nguyenkims@users.noreply.github.com>
2022-06-20 14:34:20 +02:00
Adrià Casajús
fbb59a1531
Send welcome mail to proton created users (#1099)
* Send welcome mail to proton created users

* Skip import

* Use new logo

Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-06-20 11:36:16 +02:00
Carlos Quintana
5ee5e386e5
Allow to create users from partner (#1095)
* Allow to create users from partner

* Fix tests

* Update tests/test_account_linking.py

Co-authored-by: Adrià Casajús <acasajus@users.noreply.github.com>

* Fix lint

Co-authored-by: Adrià Casajús <acasajus@users.noreply.github.com>
2022-06-16 10:25:50 +02:00
Carlos Quintana
ba6c5f93ac
Add extension_redirect endpoint (#1093)
* Add extension_redirect endpoint

* Add test for extension_redirect
2022-06-16 09:56:00 +02:00
Carlos Quintana
332fcb27d9
Fix double backslash open redirect (#1096) 2022-06-16 09:55:08 +02:00
Carlos Quintana
58990ec762
Hide proton integration behind cookie (#1092)
* Hide proton integration behind cookie

* Make cookie name configurable via config
2022-06-15 15:42:41 +02:00
Carlos Quintana
3b47e79fae
Emit events on proton actions (#1089)
* Emit events on proton actions

* Update app/account_linking.py

Co-authored-by: Adrià Casajús <acasajus@users.noreply.github.com>

* Update app/account_linking.py

Co-authored-by: Adrià Casajús <acasajus@users.noreply.github.com>

Co-authored-by: Adrià Casajús <acasajus@users.noreply.github.com>
2022-06-15 08:24:11 +02:00
Carlos Quintana
cf5ff6fa23
Allow extra headers on proton connection (#1087) 2022-06-14 10:29:18 +02:00
Son Nguyen Kim
39aeb81f9a
add dkim signature for export data email (#1083)
* add dkim signature for export data email

* fix
2022-06-14 10:08:04 +02:00
Son Nguyen Kim
83d58c7bca
handle case empty latest_receipt_info (#1081) 2022-06-13 12:42:56 +02:00
Adrià Casajús
efa534fd3e
Store transfer tokens hashed in the db and only allow them to be valid for 24 hours (#1080)
* Store transfer tokens hashed in the db and only allow them to be valid for 30 mins

Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-06-13 12:41:47 +02:00
Carlos Quintana
56ec95bc93
Fix proton integration issues (#1071)
* Fix proton integration issues

* Make external_user_id non nullable

* Fix tests
2022-06-10 16:21:56 +02:00
Son Nguyen Kim
a0a92a7562
require user password before transferring an alias (#1070) 2022-06-10 15:50:44 +02:00
Son Nguyen Kim
0afd414a66
use responseBody.Latest_receipt_info and not responseBody.Receipt.In_app (#1066)
https://developer.apple.com/documentation/appstorereceipts/responsebody/receipt/in_app
2022-06-10 15:50:09 +02:00
Adrià Casajús
a9a44c378a
Do not report complaints for deleted aliases (#1067)
* Do not report complaints for deleted aliases

* revert reorder

Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-06-10 15:44:59 +02:00
Carlos Quintana
c0fe10def6
Raise proper exception on account already linked error (#1069)
* Raise proper exception on account already linked error

* Update app/account_linking.py

Co-authored-by: Adrià Casajús <acasajus@users.noreply.github.com>

* Fix FMT

Co-authored-by: Adrià Casajús <acasajus@users.noreply.github.com>
2022-06-10 12:23:04 +02:00
Carlos Quintana
c0a4c44e94
Separate code for proton callback handler (#1040)
* Separate code for proton callback handler

* Upgrade migration

* Use simple_login endpoint from Proton API

* Remove unused classes

* Rename Dto class to Data

* Push rename

* Moved link to PartnerUser to allow subscriptions to depend only on it

* Fix test

* PR comments

* Add unique user_id constraint to PartnerUser

* Added more logs

* Added more logs

Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-06-09 10:19:49 +02:00
Adrià Casajús
faf67ff338
Add missing rate limits (#1065)
Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-06-08 17:36:03 +02:00
Son Nguyen Kim
9cf2f44166
only allow to copy the api key when it is created (#1059)
* show api key created time

* only allow user to copy the api key when it is created

* typo
2022-06-08 10:31:58 +02:00
Adrià Casajús
e688f04d6b
Send full user report asynchronously on request (#1029)
* Send full user report asynchronously

* Fix test

* Filter some fields before exporting

* Fix: Domain -> CustomDomain

* format settings html

* not include RefusedEmail as they are not usable by user and are automatically deleted

* send the export to the user email

* change email and setting wording

* fix user can only export data once

* remove alias export section

* remove unused import

* fix flake8

Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
Co-authored-by: Son <nguyenkims@users.noreply.github.com>
2022-06-07 10:45:04 +02:00
Carlos Quintana
dba56f0dae
Store hmaced partner api tokens (#1028)
* Store hmaced partner api tokens

* MR comments
2022-06-02 11:24:04 +02:00
Adrià Casajús
7ba9bcb9e2
Save unsent emails to disk to be resent later (#1022)
* Initial save to disk

* Store unsent messages to disk so they can be retried later

* Set back not sending emails

* Fixed decorator

* Add general exceptions to the catchall

* Have dummy server just to make sure

* Added several server test cases

* ADded tests for bounced and error status

* Moved dir creation to config parse time

* Set LOG.e

Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-05-30 11:52:10 +02:00
Son Nguyen Kim
f14e003a38
Merge pull request #1021 from simple-login/ac-verp-unpack
Fix: check if verp return is None before unpack
2022-05-24 08:11:23 +02:00
Adrià Casajús
2b8f7139b8
Fix: check if verp return is None before unpack 2022-05-24 07:54:07 +02:00
Adrià Casajús
687b51be0f
Merge pull request #1019 from simple-login/feature/proton-callback-receive-partner_id-as-param
Receive partner as param in ProtonCallbackHandler
2022-05-23 16:49:34 +02:00
Carlos Quintana
5ab943e12c
Remove get_proton_partner_id function 2022-05-23 16:43:06 +02:00
Carlos Quintana
8c6c144ba2
Fix global Partner instance 2022-05-23 16:38:50 +02:00
Carlos Quintana
0064729ca7
Update app/proton/proton_callback_handler.py
Co-authored-by: Adrià Casajús <acasajus@users.noreply.github.com>
2022-05-23 16:22:23 +02:00
Carlos Quintana
ed9d2ed816
Receive partner as param in ProtonCallbackHandler 2022-05-23 16:11:58 +02:00
Adrià Casajús
b26d04e82c
Merge pull request #1017 from simple-login/remove-flask-sqlalchemy
remove flask-sqlalchemy and upgrade sqlalchemy from 1.3.19 to 1.3.24
2022-05-23 15:26:03 +02:00
Son
631254a1cd redirect user to dashboard instead of the account activation page for now 2022-05-23 14:44:24 +02:00
Son
3897d723ea remove flask-sqlalchemy and upgrade sqlalchemy from 1.3.19 to 1.3.24 2022-05-23 14:41:06 +02:00
Son
e5f23e3517 make sure to only send test emails to user's alias 2022-05-20 18:15:54 +02:00
Son
0f9232eeeb improve wording 2022-05-20 18:05:05 +02:00
Son
9ba5464bc9 allow to create reverse alias for NOREPLY 2022-05-20 17:59:41 +02:00
Son Nguyen Kim
a90e880b24
Merge pull request #1010 from simple-login/fix-upgrade
do not show upgrade button for lifetime user
2022-05-20 15:16:38 +02:00
Son Nguyen Kim
c87e503701
Merge pull request #1004 from simple-login/feature/add-new-page-for-account-activated
Add new page for account activated
2022-05-20 15:16:21 +02:00
Carlos Quintana
afb7f5ef42
Simplify redirect condition on account_activated 2022-05-20 11:50:50 +02:00
Carlos Quintana
521f6b5822
Update app/onboarding/views/account_activated.py
Co-authored-by: Adrià Casajús <acasajus@users.noreply.github.com>
2022-05-20 11:44:49 +02:00
Son
a7d419eec3 do not show upgrade button for lifetime user 2022-05-20 11:00:11 +02:00
Carlos Quintana
f7e27ce0da
Add login_required to the account_activated page 2022-05-20 10:52:46 +02:00
Carlos Quintana
893520c361
Add edge to the browser detection process 2022-05-20 09:46:52 +02:00
Carlos Quintana
a1f37f0841
Detect mobile device and redirect them to dashboard 2022-05-20 09:40:03 +02:00
Carlos Quintana
e5770de329
Add account_activated page prompting user to install the extension 2022-05-20 09:40:03 +02:00
Son Nguyen Kim
0e3be23acc
Merge pull request #997 from simple-login/feature/adapt-extension-setup
Adapt extension setup
2022-05-20 09:01:35 +02:00
Carlos Quintana
7ce4aa6e96
Code quality 2022-05-20 08:58:02 +02:00
Carlos Quintana
39b5fa50d8
Use is_authenticated 2022-05-20 08:48:01 +02:00
Adrià Casajús
3330625426
Allow mailer to keep in mem mails to validate tests 2022-05-19 12:27:06 +02:00
Carlos Quintana
b4da667a5e
Add TODO for removing the cookie on extension onboarding 2022-05-19 11:49:13 +02:00
Carlos Quintana
e6acff13e5
Send extension setup message if user is logged in 2022-05-19 11:47:22 +02:00
Adrià Casajús
88c60f5387
Allow '7-bit' encoding for Content-Transfer-Encoding 2022-05-18 09:56:30 +02:00
Carlos Quintana
8ac87217d2
Adapt extension setup 2022-05-17 12:22:38 +02:00
Son
41c6e8fd79 add quote 2022-05-16 19:23:24 +02:00
Son
e61bf038be allow to use a different from for send_email() 2022-05-16 19:17:56 +02:00
Adrià Casajús
2adcbf52be
Merge pull request #963 from simple-login/ac-complaints
Handle complaints that have multiple recipients
2022-05-16 10:30:14 +02:00
Adrià Casajús
0da2fd94f1
Set header as a constant 2022-05-16 10:16:42 +02:00
Adrià Casajús
d86a7877a8
Merge pull request #994 from simple-login/remove-admin-notif
no need to notify admin when someone uses a coupon
2022-05-16 10:09:21 +02:00
Son Nguyen Kim
f0263b812e
Merge pull request #986 from simple-login/feature/add-extension-onboarding-pages
Add extension onboarding pages
2022-05-16 09:12:52 +02:00
Carlos Quintana
5fc8245b8b
Remove link to support from test email 2022-05-16 08:27:23 +02:00
Son
54e78786b0 no need to notify admin when someone uses a coupon 2022-05-15 19:57:45 +02:00
Adrià Casajús
3578c61366
Use header 2022-05-13 19:18:20 +02:00
Adrià Casajús
64c67f4429
PR comments 2022-05-13 18:14:21 +02:00
Adrià Casajús
34ad81c7c0
Merge pull request #921 from simple-login/ac-free-no-reverse-alias
Prevent free users from creating reverse-alias
2022-05-13 17:13:48 +02:00
Carlos Quintana
2e62a9f00c
Remove support email from test email 2022-05-13 12:16:55 +02:00
Carlos Quintana
bef71b7be3
Update contact instructions on test_email 2022-05-13 10:55:13 +02:00
Carlos Quintana
933237e73b
Implement "Send me an email" button on final extension onboarding 2022-05-13 08:53:31 +02:00
Carlos Quintana
710f4d0709
Start adding extension onboarding pages 2022-05-13 08:21:35 +02:00
Adrià Casajús
52cd9d2692
Simplify condition 2022-05-12 19:02:06 +02:00
Adrià Casajús
75dd20ebcc
Fix condition 2022-05-12 19:01:04 +02:00
Adrià Casajús
0c896100a4
Update html 2022-05-12 18:46:42 +02:00
Adrià Casajús
bfb1ae6371
PR comments 2022-05-12 18:42:16 +02:00
Adrià Casajús
39b035a123
Added docs 2022-05-12 18:36:12 +02:00
Adrià Casajús
9066116b7e
Simplified method 2022-05-12 18:33:13 +02:00
Adrià Casajús
4d07bc9d31
Moved global flag to config 2022-05-12 18:30:46 +02:00
Adrià Casajús
caff70ea38
Set global config to enable/disable feature 2022-05-12 16:35:51 +02:00
Carlos Quintana
975eacc969
Remove config.SHA1 in favour of build_info.SHA1 2022-05-12 16:26:04 +02:00
Carlos Quintana
9959848d74
Use python version file 2022-05-12 16:21:36 +02:00
Carlos Quintana
c3792dc333
Obtain git information from version file 2022-05-12 16:11:20 +02:00
Adrià Casajús
5dde39eb37
Prevent free users from creating reverse-alias 2022-05-12 13:20:05 +02:00
Son
d2fad44003 create a constant for paddle grace days 2022-05-11 19:03:27 +02:00
Son
2573c68e82 use a grace period of 14 days for paddle subscription 2022-05-11 17:24:52 +02:00
Carlos Quintana
e09d7a2b71
Fix open redirect 2022-05-11 14:50:37 +02:00
Adrià Casajús
48554369bd
Get the mailbox if possible from the email log 2022-05-10 23:34:57 +02:00
Adrià Casajús
d2111d4768
Added doc comments 2022-05-10 18:26:56 +02:00
Adrià Casajús
6c13f7de05
refactored to reduce duplicated codepaths 2022-05-10 18:23:14 +02:00
Adrià Casajús
a2f141d3cc
Get recipient address from the complaint report when possible 2022-05-10 17:54:51 +02:00
Son
44b0aba4f3 fix verp generation 2022-05-10 11:19:25 +02:00
Carlos Quintana
5b60ef1e35
Preserve next_url in oauth login 2022-05-09 12:20:14 +02:00
Son Nguyen Kim
7e00dfddc3
Merge pull request #954 from simple-login/fix-proton-login
allow the code to run without proton partner
2022-05-09 08:25:07 +02:00
Carlos Quintana
c95bfb80a2
Add OAuth hook for checking the status code 2022-05-06 14:41:52 +02:00
Son
b720dfc381 allow the code to run without proton partner 2022-05-05 15:05:39 +02:00
Carlos Quintana
8d4683e59e
Add login with proton 2022-05-05 12:20:55 +02:00
Adrià Casajús
c48247e852
Remove deprecated verp email validation 2022-05-04 16:17:51 +02:00
Adrià Casajús
66c6db773f
Align db with models for the audit_log 2022-05-03 16:48:54 +02:00
Adrià Casajús
6936d99779
Set default state for provider complaint 2022-05-03 14:16:04 +02:00
Adrià Casajús
56159765d9
Rename 2022-05-02 11:53:32 +02:00
Adrià Casajús
ba46ce5208
Format 2022-04-29 16:02:45 +02:00
Adrià Casajús
baddc0fe67
Fix: sqlalchemy only suports str as server_default 2022-04-29 15:58:48 +02:00
Adrià Casajús
e62022f032
Merge remote-tracking branch 'origin/master' into ac-store-contact-bounces
* origin/master: (29 commits)
  PR comments
  support "enabled" param in /api/v2/aliases
  Update PGPy to 0.5.4 to allow for python 3.10
  Also install libpq-dev
  Fix python 3.10
  Add methods to check if alias will be auto-created
  PR comments
  Allow sending messages in a background thread
  Use the proper import for newrelic agent
  not send emails to inform about an alias can't be created to disabled user
  prevent disabled user from using the api
  make sure disabled user can't create new alias
  Put version version between " so it is 3.10 instead of 3.1
  Add workflow for python 3.10
  Remove it for all creds
  Do not send the transports to the js part since we have not stored them previously
  move help to menu on small screen
  only show the help button on desktop
  use another logo for mobile
  add new parameter disabled in /GET /api/v2/aliases
  ...
2022-04-29 15:56:09 +02:00
Adrià Casajús
cca709ed48
formatting 2022-04-29 15:50:52 +02:00
Adrià Casajús
04399e827e
Merge pull request #940 from simple-login/ac-check-auto-create
Add methods to check if an alias will be auto-created
2022-04-29 12:05:18 +02:00
Adrià Casajús
1f040fcebc
PR comments 2022-04-28 18:43:10 +02:00
Son
a2c477a816 support "enabled" param in /api/v2/aliases 2022-04-28 17:24:35 +02:00
Adrià Casajús
46646f4ee2
Merge pull request #932 from simple-login/ac-fix-webauthn-transport
Do not send the transports to the js part since we have not stored them previously
2022-04-28 16:53:00 +02:00
Adrià Casajús
bb4207c3a1
Merge pull request #938 from simple-login/ac-fix-invalid-import
Use the proper import for newrelic agent
2022-04-28 16:52:09 +02:00
Adrià Casajús
74b31eac66
PR comments 2022-04-28 15:24:45 +02:00
Adrià Casajús
7fd9bdc5a7
PR comments 2022-04-28 15:23:52 +02:00
Adrià Casajús
8e35a09788
Add methods to check if alias will be auto-created 2022-04-28 15:10:38 +02:00
Adrià Casajús
f9a390c1a2
PR comments 2022-04-28 15:03:14 +02:00
Adrià Casajús
9a04376894
Allow sending messages in a background thread 2022-04-28 14:43:24 +02:00
Adrià Casajús
25c3626226
Use the proper import for newrelic agent 2022-04-28 13:02:45 +02:00
Son Nguyen Kim
93ae82aa46
Merge pull request #936 from simple-login/disable-user-cannot-use-api
prevent disabled user from using the api
2022-04-28 12:13:14 +02:00
Son
845b53b03f not send emails to inform about an alias can't be created to disabled user 2022-04-28 12:10:40 +02:00
Son
7b7cb0b571 prevent disabled user from using the api 2022-04-27 16:24:38 +02:00
Son
eab7606f93 make sure disabled user can't create new alias 2022-04-27 16:06:54 +02:00
Adrià Casajús
657cae53a6
Remove it for all creds 2022-04-26 18:44:57 +02:00
Adrià Casajús
ff33380bed
Do not send the transports to the js part since we have not stored them previously 2022-04-26 18:41:12 +02:00
Adrià Casajús
5208c549fa
Rename TransactionalComplaint to ProviderComplaint 2022-04-25 14:40:42 +02:00
Son
58b332b7bc add new parameter disabled in /GET /api/v2/aliases 2022-04-25 09:22:29 +02:00
Adrià Casajús
fcd2ab6fed
Set data to non-nullable 2022-04-22 14:53:04 +02:00
Adrià Casajús
89d94963d7
PR comments 2022-04-22 14:49:03 +02:00
Son Nguyen Kim
5053d9f1f5
Merge pull request #918 from simple-login/handle-error-as-bytes
handle the AttributeError that can also be raised by as_bytes()
2022-04-22 10:51:55 +02:00
Son
68ec159d91 catch all exception in to_bytes 2022-04-22 10:20:43 +02:00
Son Nguyen Kim
2bcc22c391
Merge pull request #906 from simple-login/ac-hash-change
Support python>3.8 for verp emails and reduce size by truncating hmac and storing time in minutes since 2022-01-01
2022-04-22 10:11:31 +02:00
Adrià Casajús
0f14c3e74e
Move some comments as docstrings 2022-04-21 15:25:06 +02:00
Adrià Casajús
112b2c77c3
Add backwards compat with shake128 signed verp emails 2022-04-21 11:30:39 +02:00
Son
0f7ccec51a handle the AttributeError that can also be raised by as_bytes() 2022-04-21 11:28:11 +02:00
Adrià Casajús
c573ef655e
Store bounces in the reply phase to prevent abuse 2022-04-21 11:23:58 +02:00
Son
bddb5e500a able to handle several noreply addresses
This prepares the change of noreply@simplelogin.co to noreply@simplelogin.io
2022-04-21 08:59:46 +02:00
Adrià Casajús
af24876c71
Use sha3 and truncate to 8 bytes and store time in minutes starting at 2022-01-01 2022-04-20 20:46:35 +02:00
Son Nguyen Kim
9b624edf11
Merge pull request #901 from simple-login/no-dot-in-reverse-alias
use _ instead of . in reverse alias
2022-04-19 18:24:37 +02:00
Adrià Casajús
bad9202cf8
Calculate proper padding when decoding base32 2022-04-19 10:50:25 +02:00
Son Nguyen Kim
259851a04e
Merge pull request #860 from acasajus/remove-softfail
Generate secure transactional emails from address
2022-04-19 09:28:47 +02:00
Son
8dfdac79bf use _ instead of . in reverse alias
to avoid AC_FROM_MANY_DOTS SpamAssassin rule
2022-04-15 17:34:29 +02:00
Adrià Casajús
d28980a810
Format 2022-04-14 18:27:20 +02:00
Adrià Casajús
4bcc728222
Merge remote-tracking branch 'origin/master' into remove-softfail
* origin/master: (34 commits)
  fix flake8
  add link to the anti phishing page
  improve email wording
  Move tests
  Only send enum names
  Only send enum name for events intead of the full class.enum
  Also track login and register events from the api routes
  typo
  revert changes
  Added fix for parts that are not messages
  Add missing formatting place
  Revert unwanted changes
  Do not show an error if we receive an unsubscribe from a different address
  Revert changes to pgp_utils
  fix import
  Send newrelic events on login and register
  PR changes
  format
  Move dmarc management to its own file
  ignore VERPTransactional
  ...
2022-04-14 18:25:03 +02:00
Son
debed67c68 return whether a domain is custom or primary in GET /api/v5/alias/options 2022-04-14 17:28:40 +02:00
Son
a957cbb3c0 fix flake8 2022-04-14 09:47:58 +02:00
Son
1709de93ef add link to the anti phishing page 2022-04-14 09:28:26 +02:00
Son
95770de4d5 improve email wording 2022-04-14 09:23:49 +02:00
Adrià Casajús
ca93c8e603
Merge remote-tracking branch 'origin/master' into ac-dmarc-reply-phase
* origin/master:
  Only send enum name for events intead of the full class.enum
  Also track login and register events from the api routes
  typo
  revert changes
  Added fix for parts that are not messages
  Add missing formatting place
  Revert unwanted changes
  Do not show an error if we receive an unsubscribe from a different address
  Revert changes to pgp_utils
  Send newrelic events on login and register
2022-04-12 12:48:46 +02:00
Adrià Casajús
0f91effce9
Only send enum names 2022-04-12 09:34:05 +02:00
Adrià Casajús
9928525cf9
Only send enum name for events intead of the full class.enum 2022-04-12 09:04:57 +02:00
Son Nguyen Kim
7a0fd34823
Merge pull request #886 from simple-login/ac-fix-unauthorized-email
Do not assume all parts in multipart messages are processed as messages
2022-04-11 17:54:35 +02:00
Adrià Casajús
2b149747f5
Also track login and register events from the api routes 2022-04-11 16:11:01 +02:00
Adrià Casajús
8da4293305
typo 2022-04-11 16:04:28 +02:00
Adrià Casajús
c16fd25b2e
Added fix for parts that are not messages 2022-04-11 15:52:31 +02:00
Adrià Casajús
ae8824a356
Revert unwanted changes 2022-04-11 14:20:56 +02:00
Adrià Casajús
7649f6b822
Do not show an error if we receive an unsubscribe from a different address 2022-04-11 14:19:32 +02:00
Adrià Casajús
dc59b61fba
Revert changes to pgp_utils 2022-04-11 10:20:02 +02:00
Adrià Casajús
f333bb00c5
fix import 2022-04-11 10:19:25 +02:00
Adrià Casajús
60a070731e
Send newrelic events on login and register 2022-04-11 10:18:22 +02:00
Adrià Casajús
7fdd7d7f6a
PR changes 2022-04-11 09:28:57 +02:00
Adrià Casajús
0dbe504329
format 2022-04-08 14:23:59 +02:00
Adrià Casajús
8df6d98522
Merge remote-tracking branch 'origin/master' into ac-dmarc-reply-phase 2022-04-08 11:34:12 +02:00
Adrià Casajús
68e58c0876
Move dmarc management to its own file 2022-04-08 11:28:14 +02:00
Adrià Casajús
b128d64563
Moved spamd check to a custom file and cached the result 2022-04-07 19:17:37 +02:00
Adrià Casajús
0e3c46d944
Save original envelope for debugging 2022-04-06 17:31:46 +02:00
Adrià Casajús
8ca1be0166
Apply dmarc policy to the reply phase 2022-04-06 12:51:04 +02:00
Adrià Casajús
451e69a3c4
More rebase fixes 2022-03-30 16:09:17 +02:00
Adrià Casajús
dce9e633bf
fix 2022-03-30 16:02:05 +02:00
Adrià Casajús
db06ce0ae6
Create signed email addresses for VERP emails 2022-03-30 16:00:02 +02:00
Son
67c2c6afad add warning to email content when dmarc softfail 2022-03-30 19:48:07 +07:00
Son Nguyen Kim
110f2f2f2c
Merge pull request #861 from acasajus/spf-dmarc-backscatter
Reduce backscatter by checking return-path domain SPF status
2022-03-30 19:44:39 +07:00
Son Nguyen Kim
f7a98bc7d2
Merge pull request #862 from simple-login/ac/sanitize-next
Properly validate //host.com urls
2022-03-30 19:40:36 +07:00
Adrià Casajús
83fc8964a8
PR comments 2022-03-30 09:53:35 +02:00
Son Nguyen Kim
d561bae7dd
Merge pull request #864 from simple-login/ac/insecure-random
Replace using random with secrets for security purposes
2022-03-30 11:49:33 +07:00
Adrià Casajús
1555bc6346
fix test 2022-03-29 21:03:55 +02:00
Adrià Casajús
19e87a7156
More random to secrets 2022-03-29 18:42:28 +02:00
Adrià Casajús
b15facb6e4
Use secrets instead of random 2022-03-29 18:40:52 +02:00
Adrià Casajús
97ef5ff765
Fix oauth redirect when clientid is invalid 2022-03-29 18:37:01 +02:00
Adrià Casajús
a9e31cff26
Fix tests 2022-03-29 18:34:13 +02:00
Adrià Casajús
c5b0f5304e
Format 2022-03-29 18:18:11 +02:00
Adrià Casajús
d6df5e0ea0
Add limiters to auth routes 2022-03-29 18:14:13 +02:00
Adrià Casajús
e91fd26964
Sanitized missing places 2022-03-29 18:03:18 +02:00
Adrià Casajús
fe9161b101
Properly validate //host.com urls when redirecting after receiving a next param 2022-03-29 17:53:00 +02:00
Adrià Casajús
085c166cb2
Replace 5XX with 2XX for return path that fail SPF check 2022-03-29 15:09:10 +02:00
Adrià Casajús
7d36256b7c
Check return-path spf record before bouncing a message 2022-03-29 10:52:11 +02:00
Son
0d7d56c0ea send email when an email is put to quarantine 2022-03-25 18:02:17 +01:00
Son
63b1100a8b log event when there's no dmarc result 2022-03-25 16:19:11 +01:00
Son
ce2d2a3b3a fix case where header isn't string 2022-03-25 16:17:58 +01:00
Son
32fd65b69b add more log for alias transfer 2022-03-23 18:33:33 +01:00
Son Nguyen Kim
3d30870395
Merge pull request #849 from acasajus/new/parse-rpamd-headers
Return 200 on fishy dmarc result
2022-03-22 17:36:45 +01:00
Son Nguyen Kim
99b05034b0
Merge pull request #843 from acasajus/new/parse-rpamd-headers
Parse rspamd headers and apply dmarc policy if found.
2022-03-22 17:13:11 +01:00
Adrià Casajús
517bcb632e
MR changes 2022-03-22 17:02:59 +01:00
Son
5b3688b6df set a domain for message-id 2022-03-22 11:02:02 +01:00
Adrià Casajús
5f831d593a
CamelCase to snake_case 2022-03-21 17:59:43 +01:00
Adrià Casajús
45459d65be
PR comments 2022-03-21 17:43:26 +01:00
Son
f554375f23 decode, replace and encode for base64 encoding 2022-03-21 17:29:22 +01:00
Son
1952f368a8 require password to use the api key page 2022-03-21 14:40:47 +01:00
Son
9dc7cff87f add rate limiting for /auth/mfa 2022-03-21 14:23:35 +01:00
Son
a662ef4aee remove g.deduct_limit in api auth endpoint 2022-03-21 14:23:20 +01:00
Adrià Casajús
06a1363e92
Updated MR comments 2022-03-21 12:03:11 +01:00
Adrià Casajús
cdea0f5ee2
Rename header 2022-03-21 10:43:19 +01:00
Adrià Casajús
44dd06fabf
Added spoofed email test 2022-03-21 10:43:18 +01:00
Adrià Casajús
c9cbaeb460
format 2022-03-21 10:43:17 +01:00
Adrià Casajús
e8013f8e0c
Initial parse of rpamd extra headers 2022-03-21 10:43:17 +01:00
Son
0931642d11 use 10.0.0.0 network instead of 240.0.0.0 2022-03-20 10:38:58 +01:00
Son
fa2f83dbf4 fix and refactor 2022-03-16 10:24:59 +01:00