* Move set default alias to a separate method to reuse it
* Add tests
* Find domains by domain not by id
* Revert models and setting changes
* Remove non required function
* Ensure uploaded pictures are images and delete the previous ones
* Add CSRF protection to admin routes
* Only allow https urls in the client envs
* Close connection to try to get a new one
* Missing parameter
* start_time can be non existant. Set a default value
* Fix Vuln (allow 2FA bypass with hashed recovery code)
Remove comparison of hashed recovery code from db with the user input.
* Formatting
* Remove Comment
* fix: commit transaction after taking event
* feat: allow to reconnect to postgres for event listener
* chore: log sync events pending to process to metrics
* fix: make dead_letter runner able to process events without needing to have lock on the event
* chore: close Session after reconnect
* refactor: make EventSource emit only events that can be processed
* feat: add protocol buffers for events
* chore: add EventDispatcher
* chore: add WebhookEvent class
* chore: emit events
* feat: initial version of event listener
* chore: emit user plan change with new timestamp
* feat: emit metrics + add alias status to create event
* chore: add newrelic decorator to functions
* fix: event emitter fixes
* fix: take null end_time into account
* fix: avoid double-commits
* chore: move UserDeleted event to User.delete method
* db: add index to sync_event created_at and taken_time columns
* chore: add index to model
* add User.enable_data_breach_check column
* user can turn on/off the data breach check
* only run data breach check for user who enables it
* add tips to run tests using a local DB (without docker)
* refactor True check
* trim trailing space
* fix test
* Apply suggestions from code review
Co-authored-by: Adrià Casajús <acasajus@users.noreply.github.com>
* format
---------
Co-authored-by: Son NK <son@simplelogin.io>
Co-authored-by: Adrià Casajús <acasajus@users.noreply.github.com>
* Store the latest email_log id in the alias to simplify dashboard query
* Fix test
* Add script to migrate users last email_log_id to alias
* Always update the alias last_email_log_id automatically
* Only set the alias_id if it is set
* Fix test with randomization
* Fix notification test
* Also remove explicit set on tests
* Rate limit alias creation to prevent abuse (#2021)
* Rate limit alias creation to prevent abuse
* Limit in secs
* Calculate bucket time
* fix exception
* Tune limits
* Move rate limit config to configuration (#2023)
* Fix dropdown item in header (#2024)
* Add option for admin to stop trial (#2026)
* Fix: if redis is not configured do not enable rate limit (#2027)
* support product IDs for the new Mac app (#2028)
Co-authored-by: Son NK <son@simplelogin.io>
* Add metrics to rate limit (#2029)
* Order domains alphabetically when retrieving them (#2030)
* Removed unused import
* Remove debug info
---------
Co-authored-by: D-Bao <49440133+D-Bao@users.noreply.github.com>
Co-authored-by: Son Nguyen Kim <son.nguyen@proton.ch>
Co-authored-by: Son NK <son@simplelogin.io>
* Accounts to be scheduled to be deleted cannot receive emails or login
* Create model and create migration for user
* Add test for the cron function
* Move logic to one place
* Use the class name to call the static delete method
* Sanitize alias, contacts, mailboxes and users before creating them
* Updated comments and moved crons to run when load is low
* Run the stats at the same time as previously
---------
Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
* Rate limit the sudo route
* Add missing indexes
* Updated index
* Update index creation to run with concurrent
* With autocommit block
---------
Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
* Add toggle to check if a user is premium without the partner subscription
* fix test
* Parter created users do not have a newsletter alias id
---------
Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
* Use the alias domain for contacts
* Check there are not duplicate emails
* Check also in trash
* Use helper
* Set VERP for the forward phase to the contact domain
* Add pgp_fingerprint as index for contacts
* Removed check trash
* Only use reply domains for sl domains
* Configure via db wether the domain can be used as a reverse_domain
* Fix: typo
* reverse logic
* fix migration
* fix test
---------
Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
Co-authored-by: Son <nguyenkims@users.noreply.github.com>
* Add Partner only domains
* Add hidden domain to the test and revert to default domains after the tests
* Send what to show in each call
* Fix: Pass none instead of false
* Removed flag from partnerusr
---------
Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>