From 571e39bb30ebef8aad0b1011ecba55bf08731537 Mon Sep 17 00:00:00 2001
From: Son NK <>
Date: Mon, 28 Sep 2020 21:09:20 +0200
Subject: [PATCH] user can add/remove authorized address

---
 .../templates/dashboard/mailbox_detail.html   | 41 +++++++++++++++++--
 app/dashboard/views/mailbox_detail.py         | 34 ++++++++++++++-
 2 files changed, 71 insertions(+), 4 deletions(-)

diff --git a/app/dashboard/templates/dashboard/mailbox_detail.html b/app/dashboard/templates/dashboard/mailbox_detail.html
index a9869438..0c763d5f 100644
--- a/app/dashboard/templates/dashboard/mailbox_detail.html
+++ b/app/dashboard/templates/dashboard/mailbox_detail.html
@@ -106,10 +106,10 @@
 
       </div>
 
-      {% if spf_available %}
-        <hr>
-        <h2 class="h4">Advanced Options</h2>
+      <hr>
+      <h2 class="h4">Advanced Options</h2>
 
+      {% if spf_available %}
         <div class="card" id="spf">
           <form method="post">
             <input type="hidden" name="form-name" value="force-spf">
@@ -145,6 +145,41 @@
           </form>
         </div>
       {% endif %}
+
+      <div class="card" id="authorized-address">
+        <div class="card-body">
+          <div class="card-title">
+            Authorized addresses
+            <div class="small-text">
+              Emails sent from these addresses to a <b>reverse-alias</b> are considered as being sent
+              from {{ mailbox.email }}
+            </div>
+          </div>
+          {% if mailbox.authorized_addresses | length == 0 %}
+
+          {% else %}
+            <ul>
+              {% for authorized_address in mailbox.authorized_addresses %}
+                <li>
+                  {{ authorized_address.email }}
+                  <form method="post" action="#authorized-address" style="display: inline">
+                    <input type="hidden" name="form-name" value="delete-authorized-address">
+                    <input type="hidden" name="authorized-address-id" value="{{ authorized_address.id }}">
+                    <input type="submit" class="btn btn-sm btn-outline-warning" value="Delete">
+                  </form>
+                </li>
+              {% endfor %}
+            </ul>
+          {% endif %}
+
+          <form method="post" action="#authorized-address" class="form-inline">
+            <input type="hidden" name="form-name" value="add-authorized-address">
+            <input type="email" name="email" size="50" class="form-control">
+            <input type="submit" class="btn btn-primary" value="Add">
+          </form>
+        </div>
+      </div>
+
     </div>
   </div>
 {% endblock %}
diff --git a/app/dashboard/views/mailbox_detail.py b/app/dashboard/views/mailbox_detail.py
index bb264813..fc0a519d 100644
--- a/app/dashboard/views/mailbox_detail.py
+++ b/app/dashboard/views/mailbox_detail.py
@@ -14,7 +14,7 @@ from app.email_utils import email_domain_can_be_used_as_mailbox
 from app.email_utils import mailbox_already_used, render, send_email
 from app.extensions import db
 from app.log import LOG
-from app.models import Alias, DeletedAlias
+from app.models import Alias, DeletedAlias, AuthorizedAddress
 from app.models import Mailbox
 from app.pgp_utils import PGPException, load_public_key
 
@@ -88,6 +88,38 @@ def mailbox_detail_route(mailbox_id):
                 else "disabled" + " successfully",
                 "success",
             )
+            return redirect(
+                url_for("dashboard.mailbox_detail_route", mailbox_id=mailbox_id)
+            )
+        elif request.form.get("form-name") == "add-authorized-address":
+            address = request.form.get("email").lower().strip().replace(" ", "")
+            if AuthorizedAddress.get_by(mailbox_id=mailbox.id, email=address):
+                flash(f"{address} already added", "error")
+            else:
+                AuthorizedAddress.create(
+                    user_id=current_user.id,
+                    mailbox_id=mailbox.id,
+                    email=address,
+                    commit=True,
+                )
+                flash(f"{address} added as authorized address", "success")
+
+            return redirect(
+                url_for("dashboard.mailbox_detail_route", mailbox_id=mailbox_id)
+            )
+        elif request.form.get("form-name") == "delete-authorized-address":
+            authorized_address_id = request.form.get("authorized-address-id")
+            authorized_address: AuthorizedAddress = AuthorizedAddress.get(
+                authorized_address_id
+            )
+            if not authorized_address or authorized_address.mailbox_id != mailbox.id:
+                flash("Unknown error. Refresh the page", "warning")
+            else:
+                address = authorized_address.email
+                AuthorizedAddress.delete(authorized_address_id)
+                db.session.commit()
+                flash(f"{address} has been deleted", "success")
+
             return redirect(
                 url_for("dashboard.mailbox_detail_route", mailbox_id=mailbox_id)
             )