beenull/simple-login
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

PR comments

Browse source
This commit is contained in:
Adrià Casajús 2022-05-13 18:14:21 +02:00
parent 3e0cb546a2
commit 64c67f4429
No known key found for this signature in database
GPG key ID: F0033226A5AFC9B9
2 changed files with 13 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
app/email_utils.py
View file

@ -1,4 +1,5 @@
import base64 import base64
import binascii
import enum import enum
import hmac import hmac
import json import json
@ -1409,9 +1410,7 @@ def generate_verp_email(
).lower() ).lower()
def get_verp_info_from_email( def get_verp_info_from_email(email: str) -> Optional[Tuple[VerpType, int]]:
email: str, validate_time: bool = True
) -> Optional[Tuple[VerpType, int]]:
"""This method processes the email address, checks if it's a signed verp email generated by us to receive bounces """This method processes the email address, checks if it's a signed verp email generated by us to receive bounces
and extracts the type of verp email and associated email log id/transactional email id stored as object_id and extracts the type of verp email and associated email log id/transactional email id stored as object_id
""" """
@ -1422,10 +1421,15 @@ def get_verp_info_from_email(
fields = username.split(".") fields = username.split(".")
if len(fields) != 3 or fields[0] != VERP_PREFIX: if len(fields) != 3 or fields[0] != VERP_PREFIX:
return None return None
padding = (8 - (len(fields[1]) % 8)) % 8 try:
payload = base64.b32decode(fields[1].encode("utf-8").upper() + (b"=" * padding)) padding = (8 - (len(fields[1]) % 8)) % 8
padding = (8 - (len(fields[2]) % 8)) % 8 payload = base64.b32decode(fields[1].encode("utf-8").upper() + (b"=" * padding))
signature = base64.b32decode(fields[2].encode("utf-8").upper() + (b"=" * padding)) padding = (8 - (len(fields[2]) % 8)) % 8
signature = base64.b32decode(
fields[2].encode("utf-8").upper() + (b"=" * padding)
)
except binascii.Error:
return None
expected_signature = hmac.new( expected_signature = hmac.new(
VERP_EMAIL_SECRET.encode("utf-8"), payload, VERP_HMAC_ALGO VERP_EMAIL_SECRET.encode("utf-8"), payload, VERP_HMAC_ALGO
).digest()[:8] ).digest()[:8]
@ -1435,8 +1439,6 @@ def get_verp_info_from_email(
# verp type, object_id, time # verp type, object_id, time
if len(data) != 3: if len(data) != 3:
return None return None
if validate_time and ( if data[2] > (time.time() + VERP_MESSAGE_LIFETIME - VERP_TIME_START) / 60:
data[2] > (time.time() + VERP_MESSAGE_LIFETIME - VERP_TIME_START) / 60
):
return None return None
return VerpType(data[0]), data[1] return VerpType(data[0]), data[1]

2
tests/test.env
View file

@ -61,4 +61,4 @@ PROTON_CLIENT_ID=to_fill
PROTON_CLIENT_SECRET=to_fill PROTON_CLIENT_SECRET=to_fill
PROTON_BASE_URL=https://localhost/api PROTON_BASE_URL=https://localhost/api
POSTMASTER=postmaster@simplelogin.co POSTMASTER=postmaster@test.domain