@ -6,7 +6,9 @@ ignore =
W503, W503,
E203, E203,
# Ignore "f-string is missing placeholders" # Ignore "f-string is missing placeholders"
F541 F541,
# allow bare "except"
exclude = exclude =
.git, .git,
__pycache__, __pycache__,

@ -29,8 +29,7 @@ jobs:
# optional (defaults to `postgres`) # optional (defaults to `postgres`)
ports: ports:
# maps tcp port 5432 on service container to the host - 15432:5432
- 5432:5432
# set health checks to wait until postgres has started # set health checks to wait until postgres has started
options: >- options: >-
--health-cmd pg_isready --health-cmd pg_isready
@ -64,6 +63,7 @@ jobs:
poetry run black --check . poetry run black --check .
flake8 flake8
- name: Test with pytest - name: Test with pytest
run: | run: |
pytest --cov=. --cov-report=term:skip-covered --cov-report=html:htmlcov --cov-fail-under=60 pytest --cov=. --cov-report=term:skip-covered --cov-report=html:htmlcov --cov-fail-under=60

@ -1,21 +1,6 @@
Thanks for taking the time to contribute! 🎉👍 Thanks for taking the time to contribute! 🎉👍
The project uses Flask and requires Python3.7+. The project uses Flask, Python3.7+ and requires Postgres 12+ as dependency.
## Quick start
If you have Docker installed, run the following command to start SimpleLogin local server:
docker run --name sl -it --rm \
-e RESET_DB=true \
-e CONFIG=/code/example.env \
-p 7777:7777 \
simplelogin/app:3.4.0 python
Then open http://localhost:7777, you should be able to login with `` account.
## General Architecture ## General Architecture
@ -25,15 +10,16 @@ Then open http://localhost:7777, you should be able to login with `
SimpleLogin backend consists of 2 main components: SimpleLogin backend consists of 2 main components:
- the `webapp` used by several clients: web UI (the dashboard), browser extension (Chrome & Firefox for now), OAuth clients (apps that integrate "Login with SimpleLogin" button) and mobile app (work in progress). - the `webapp` used by several clients: the web app, the browser extensions (Chrome & Firefox for now), OAuth clients (apps that integrate "Sign in with SimpleLogin" button) and mobile apps.
- the `email handler`: implements the email forwarding (i.e. alias receiving email) and email sending (i.e. alias sending email). - the `email handler`: implements the email forwarding (i.e. alias receiving email) and email sending (i.e. alias sending email).
## Run code locally ## Install dependencies
The project uses The project requires:
- Python 3.7+ and [poetry]( to manage dependencies - Python 3.7+ and [poetry]( to manage dependencies
- Node v10 for front-end. - Node v10 for front-end.
- Postgres 12+
First, install all dependencies by running the following command. First, install all dependencies by running the following command.
Feel free to use `virtualenv` or similar tools to isolate development environment. Feel free to use `virtualenv` or similar tools to isolate development environment.
@ -42,29 +28,25 @@ Feel free to use `virtualenv` or similar tools to isolate development environmen
poetry install poetry install
``` ```
On Mac, sometimes you might need to install some other packages like On Mac, sometimes you might need to install some other packages via `brew`:
```bash ```bash
brew install pkg-config libffi openssl postgresql brew install pkg-config libffi openssl postgresql
``` ```
You also need to install `gpg`, on Mac it can be done with: You also need to install `gpg` tool, on Mac it can be done with:
```bash ```bash
brew install gnupg brew install gnupg
``` ```
Then make sure all tests pass. You need to run a local postgres database to run tests, it can be run with docker with: ## Run tests
```bash ```bash
docker run -e POSTGRES_PASSWORD=test -e POSTGRES_USER=test -e POSTGRES_DB=test -p 5432:5432 postgres:13 sh scripts/
``` ```
then run all tests ## Run the code locally
Install npm packages Install npm packages
@ -78,17 +60,19 @@ To run the code locally, please create a local setting file based on `example.en
cp example.env .env cp example.env .env
``` ```
Run the postgres database:
docker run -e POSTGRES_PASSWORD=mypassword -e POSTGRES_USER=myuser -e POSTGRES_DB=simplelogin -p 35432:5432 postgres:13
To run the server: To run the server:
``` ```
python3 flask db upgrade && flask dummy-data && python3
``` ```
then open http://localhost:7777, you should be able to login with the following account then open http://localhost:7777, you should be able to login with ` / password` account.
``` / password
You might need to change the `.env` file for developing certain features. This file is ignored by git. You might need to change the `.env` file for developing certain features. This file is ignored by git.
@ -101,7 +85,7 @@ Whenever the model changes, a new migration has to be created.
If you have Docker installed, you can create the migration by the following script: If you have Docker installed, you can create the migration by the following script:
```bash ```bash
sh sh scripts/
``` ```
Make sure to review the migration script before committing it. Make sure to review the migration script before committing it.

@ -1,21 +1,661 @@
@ -161,7 +161,7 @@ Similar to DKIM, setting up SPF is highly recommended.
Add a TXT record for `` with the value: Add a TXT record for `` with the value:
``` ```
v=spf1 mx -all v=spf1 mx ~all
``` ```
What it means is only your server can send email with `` domain. What it means is only your server can send email with `` domain.

@ -3,7 +3,7 @@ from flask import redirect, url_for, request, flash
from flask_admin import expose, AdminIndexView from flask_admin import expose, AdminIndexView
from flask_admin.actions import action from flask_admin.actions import action
from flask_admin.contrib import sqla from flask_admin.contrib import sqla
from flask_login import current_user from flask_login import current_user, login_user
from app.extensions import db from app.extensions import db
from app.models import User, ManualSubscription from app.models import User, ManualSubscription
@ -122,6 +122,21 @@ class UserAdmin(SLModelView):
db.session.commit() db.session.commit()
"Login as this user",
"Login as this user?",
def login_as(self, ids):
if len(ids) != 1:
flash("only 1 user can be selected", "error")
for user in User.query.filter(
flash(f"Login as user {user}", "success")
return redirect("/")
def manual_upgrade(way: str, ids: [int], is_giveaway: bool): def manual_upgrade(way: str, ids: [int], is_giveaway: bool):
query = User.query.filter( query = User.query.filter(
@ -209,6 +224,12 @@ class ClientAdmin(SLModelView):
can_edit = True can_edit = True
class CustomDomainAdmin(SLModelView):
column_searchable_list = ["domain", "", ""]
column_exclude_list = ["ownership_txt_token"]
can_edit = False
class ReferralAdmin(SLModelView): class ReferralAdmin(SLModelView):
column_searchable_list = ["id", "", "code", "name"] column_searchable_list = ["id", "", "code", "name"]
column_filters = ["id", "", "code", "name"] column_filters = ["id", "", "code", "name"]

@ -1,6 +1,7 @@
import re import re2 as re
from typing import Optional from typing import Optional
from email_validator import validate_email, EmailNotValidError
from sqlalchemy.exc import IntegrityError, DataError from sqlalchemy.exc import IntegrityError, DataError
from app.config import BOUNCE_PREFIX_FOR_REPLY_PHASE from app.config import BOUNCE_PREFIX_FOR_REPLY_PHASE
@ -10,6 +11,7 @@ from app.email_utils import (
send_cannot_create_domain_alias, send_cannot_create_domain_alias,
can_create_directory_for_address, can_create_directory_for_address,
send_cannot_create_directory_alias_disabled, send_cannot_create_directory_alias_disabled,
) )
from app.errors import AliasInTrashError from app.errors import AliasInTrashError
from app.extensions import db from app.extensions import db
@ -25,18 +27,23 @@ from app.models import (
Mailbox, Mailbox,
EmailLog, EmailLog,
Contact, Contact,
) )
def try_auto_create(address: str) -> Optional[Alias]: def try_auto_create(address: str) -> Optional[Alias]:
"""Try to auto-create the alias using directory or catch-all domain""" """Try to auto-create the alias using directory or catch-all domain"""
if address.startswith(f"{BOUNCE_PREFIX_FOR_REPLY_PHASE}+"): if address.startswith(f"{BOUNCE_PREFIX_FOR_REPLY_PHASE}+"):
LOG.exception( LOG.e("alias %s can't start with %s", address, BOUNCE_PREFIX_FOR_REPLY_PHASE)
"alias %s can't start with %s", address, BOUNCE_PREFIX_FOR_REPLY_PHASE
return None return None
alias = try_auto_create_catch_all_domain(address) try:
# NOT allow unicode for now
validate_email(address, check_deliverability=False, allow_smtputf8=False)
except EmailNotValidError:
return None
alias = try_auto_create_via_domain(address)
if not alias: if not alias:
alias = try_auto_create_directory(address) alias = try_auto_create_directory(address)
@ -68,16 +75,14 @@ def try_auto_create_directory(address: str) -> Optional[Alias]:
if not directory: if not directory:
return None return None
dir_user: User = directory.user user: User = directory.user
if not dir_user.can_create_new_alias(): if not user.can_create_new_alias():
send_cannot_create_directory_alias(dir_user, address, directory_name) send_cannot_create_directory_alias(user, address, directory_name)
return None return None
if directory.disabled: if directory.disabled:
send_cannot_create_directory_alias_disabled( send_cannot_create_directory_alias_disabled(user, address, directory_name)
dir_user, address, directory_name
return None return None
try: try:
@ -90,6 +95,7 @@ def try_auto_create_directory(address: str) -> Optional[Alias]:
user_id=directory.user_id, user_id=directory.user_id,,,
mailbox_id=mailboxes[0].id, mailbox_id=mailboxes[0].id,
note=f"Created by directory {}",
) )
db.session.flush() db.session.flush()
for i in range(1, len(mailboxes)): for i in range(1, len(mailboxes)):
@ -101,22 +107,22 @@ def try_auto_create_directory(address: str) -> Optional[Alias]:
db.session.commit() db.session.commit()
return alias return alias
except AliasInTrashError: except AliasInTrashError:
LOG.warning( LOG.w(
"Alias %s was deleted before, cannot auto-create using directory %s, user %s", "Alias %s was deleted before, cannot auto-create using directory %s, user %s",
address, address,
directory_name, directory_name,
dir_user, user,
) )
return None return None
except IntegrityError: except IntegrityError:
LOG.warning("Alias %s already exists", address) LOG.w("Alias %s already exists", address)
db.session.rollback() db.session.rollback()
alias = Alias.get_by(email=address) alias = Alias.get_by(email=address)
return alias return alias
def try_auto_create_catch_all_domain(address: str) -> Optional[Alias]: def try_auto_create_via_domain(address: str) -> Optional[Alias]:
"""Try to create an alias with catch-all domain""" """Try to create an alias with catch-all or auto-create rules on custom domain"""
# try to create alias on-the-fly with custom-domain catch-all feature # try to create alias on-the-fly with custom-domain catch-all feature
# check if alias is custom-domain alias and if the custom-domain has catch-all enabled # check if alias is custom-domain alias and if the custom-domain has catch-all enabled
@ -126,11 +132,31 @@ def try_auto_create_catch_all_domain(address: str) -> Optional[Alias]:
if not custom_domain: if not custom_domain:
return None return None
# custom_domain exists if not custom_domain.catch_all and len(custom_domain.auto_create_rules) == 0:
if not custom_domain.catch_all:
return None return None
elif not custom_domain.catch_all and len(custom_domain.auto_create_rules) > 0:
local = get_email_local_part(address)
for rule in custom_domain.auto_create_rules:
rule: AutoCreateRule
regex = re.compile(rule.regex)
if re.fullmatch(regex, local):
"%s passes %s on %s",
alias_note = f"Created by rule {rule.order} with regex {rule.regex}"
mailboxes = rule.mailboxes
else: # no rule passes
LOG.d("no rule passed to create %s", local)
else: # catch-all is enabled
mailboxes = custom_domain.mailboxes
alias_note = "Created by catch-all option"
# custom_domain has catch-all enabled
domain_user: User = custom_domain.user domain_user: User = custom_domain.user
if not domain_user.can_create_new_alias(): if not domain_user.can_create_new_alias():
@ -139,13 +165,13 @@ def try_auto_create_catch_all_domain(address: str) -> Optional[Alias]:
try: try:
LOG.d("create alias %s for domain %s", address, custom_domain) LOG.d("create alias %s for domain %s", address, custom_domain)
mailboxes = custom_domain.mailboxes
alias = Alias.create( alias = Alias.create(
email=address, email=address,
user_id=custom_domain.user_id, user_id=custom_domain.user_id,,,
automatic_creation=True, automatic_creation=True,
mailbox_id=mailboxes[0].id, mailbox_id=mailboxes[0].id,
) )
db.session.flush() db.session.flush()
for i in range(1, len(mailboxes)): for i in range(1, len(mailboxes)):
@ -156,7 +182,7 @@ def try_auto_create_catch_all_domain(address: str) -> Optional[Alias]:
db.session.commit() db.session.commit()
return alias return alias
except AliasInTrashError: except AliasInTrashError:
LOG.warning( LOG.w(
"Alias %s was deleted before, cannot auto-create using domain catch-all %s, user %s", "Alias %s was deleted before, cannot auto-create using domain catch-all %s, user %s",
address, address,
custom_domain, custom_domain,
@ -164,12 +190,12 @@ def try_auto_create_catch_all_domain(address: str) -> Optional[Alias]:
) )
return None return None
except IntegrityError: except IntegrityError:
LOG.warning("Alias %s already exists", address) LOG.w("Alias %s already exists", address)
db.session.rollback() db.session.rollback()
alias = Alias.get_by(email=address) alias = Alias.get_by(email=address)
return alias return alias
except DataError: except DataError:
LOG.warning("Cannot create alias %s", address) LOG.w("Cannot create alias %s", address)
db.session.rollback() db.session.rollback()
return None return None
@ -184,7 +210,7 @@ def delete_alias(alias: Alias, user: User):
if not DomainDeletedAlias.get_by( if not DomainDeletedAlias.get_by(, domain_id=alias.custom_domain_id, domain_id=alias.custom_domain_id
): ):
LOG.debug("add %s to domain %s trash", alias, alias.custom_domain_id) LOG.d("add %s to domain %s trash", alias, alias.custom_domain_id)
db.session.add( db.session.add(
DomainDeletedAlias( DomainDeletedAlias(,, domain_id=alias.custom_domain_id,, domain_id=alias.custom_domain_id

@ -7,7 +7,15 @@ from sqlalchemy.orm import joinedload
from app.config import PAGE_LIMIT from app.config import PAGE_LIMIT
from app.extensions import db from app.extensions import db
from app.models import Alias, Contact, EmailLog, Mailbox, AliasMailbox, CustomDomain from app.models import (
@dataclass @dataclass
@ -129,119 +137,46 @@ def get_alias_infos_with_pagination(user, page_id=0, query=None) -> [AliasInfo]:
def get_alias_infos_with_pagination_v3( def get_alias_infos_with_pagination_v3(
user, page_id=0, query=None, sort=None, alias_filter=None user,
) -> [AliasInfo]: ) -> [AliasInfo]:
# subquery on alias annotated with nb_reply, nb_blocked, nb_forward, max_created_at, latest_email_log_created_at q = construct_alias_query(user)
alias_activity_subquery = (
func.sum(case([(EmailLog.is_reply, 1)], else_=0)).label("nb_reply"),
[(and_(EmailLog.is_reply.is_(False), EmailLog.blocked), 1)],
.join(EmailLog, == EmailLog.alias_id, isouter=True)
.filter(Alias.user_id ==
alias_contact_subquery = (
db.session.query(, func.max("max_contact_id"))
.join(Contact, == Contact.alias_id, isouter=True)
.filter(Alias.user_id ==
latest_activity = case(
(Alias.created_at > EmailLog.created_at, Alias.created_at),
(Alias.created_at < EmailLog.created_at, EmailLog.created_at),
q = (
.join(Contact, == Contact.alias_id, isouter=True)
.join(CustomDomain, Alias.custom_domain_id ==, isouter=True)
.join(EmailLog, == EmailLog.contact_id, isouter=True)
.filter( ==
.filter( ==
== alias_activity_subquery.c.latest_email_log_created_at,
# no email log yet for this alias
# to make sure only 1 contact is returned in this case
or_( == alias_contact_subquery.c.max_contact_id,
if query: if query:
q = ( q = q.filter(
# to find mailbox whose email match the query
q.join(AliasMailbox, == AliasMailbox.alias_id, isouter=True)
or_( == Alias.mailbox_id, == AliasMailbox.mailbox_id,
or_( or_("%{query}%"),"%{query}%"),
# can't use match() here as it uses to_tsquery that expected a tsquery input # can't use match() here as it uses to_tsquery that expected a tsquery input
# Alias.ts_vector.match(query), # Alias.ts_vector.match(query),
Alias.ts_vector.op("@@")(func.plainto_tsquery(query)), Alias.ts_vector.op("@@")(func.plainto_tsquery("english", query)),"%{query}%"),"%{query}%"),"%{query}%"),
) )
) )
if mailbox_id:
q = q.join(
AliasMailbox, == AliasMailbox.alias_id, isouter=True
or_(Alias.mailbox_id == mailbox_id, AliasMailbox.mailbox_id == mailbox_id)
) )
if directory_id:
q = q.filter(Alias.directory_id == directory_id)
if alias_filter == "enabled": if alias_filter == "enabled":
q = q.filter(Alias.enabled) q = q.filter(Alias.enabled)
elif alias_filter == "disabled": elif alias_filter == "disabled":
q = q.filter(Alias.enabled.is_(False)) q = q.filter(Alias.enabled.is_(False))
elif alias_filter == "pinned":
q = q.order_by(Alias.pinned.desc()) q = q.filter(Alias.pinned)
elif alias_filter == "hibp":
q = q.filter(Alias.hibp_breaches.any())
if sort == "old2new": if sort == "old2new":
q = q.order_by(Alias.created_at) q = q.order_by(Alias.created_at)
@ -251,10 +186,16 @@ def get_alias_infos_with_pagination_v3(
q = q.order_by( q = q.order_by(
elif sort == "z2a": elif sort == "z2a":
q = q.order_by( q = q.order_by(
elif alias_filter == "hibp":
q = q.filter(Alias.hibp_breaches.any())
else: else:
# default sorting # default sorting
latest_activity = case(
(Alias.created_at > EmailLog.created_at, Alias.created_at),
(Alias.created_at < EmailLog.created_at, EmailLog.created_at),
q = q.order_by(Alias.pinned.desc())
q = q.order_by(latest_activity.desc()) q = q.order_by(latest_activity.desc())
q = list(q.limit(PAGE_LIMIT).offset(page_id * PAGE_LIMIT)) q = list(q.limit(PAGE_LIMIT).offset(page_id * PAGE_LIMIT))
@ -367,3 +308,98 @@ def get_alias_contacts(alias, page_id: int) -> [dict]:
res.append(serialize_contact(fe)) res.append(serialize_contact(fe))
return res return res
def get_alias_info_v3(user: User, alias_id: int) -> AliasInfo:
# use the same query construction in get_alias_infos_with_pagination_v3
q = construct_alias_query(user)
q = q.filter( == alias_id)
for alias, contact, email_log, custom_domain, nb_reply, nb_blocked, nb_forward in q:
return AliasInfo(
def construct_alias_query(user: User):
# subquery on alias annotated with nb_reply, nb_blocked, nb_forward, max_created_at, latest_email_log_created_at
alias_activity_subquery = (
func.sum(case([(EmailLog.is_reply, 1)], else_=0)).label("nb_reply"),
[(and_(EmailLog.is_reply.is_(False), EmailLog.blocked), 1)],
.join(EmailLog, == EmailLog.alias_id, isouter=True)
.filter(Alias.user_id ==
alias_contact_subquery = (
db.session.query(, func.max("max_contact_id"))
.join(Contact, == Contact.alias_id, isouter=True)
.filter(Alias.user_id ==
return (
.join(Contact, == Contact.alias_id, isouter=True)
.join(CustomDomain, Alias.custom_domain_id ==, isouter=True)
.join(EmailLog, == EmailLog.contact_id, isouter=True)
.filter( ==
.filter( ==
== alias_activity_subquery.c.latest_email_log_created_at,
# no email log yet for this alias
# to make sure only 1 contact is returned in this case
or_( == alias_contact_subquery.c.max_contact_id,

@ -1,3 +1,5 @@
from flanker.addresslib import address
from flanker.addresslib.address import EmailAddress
from flask import g from flask import g
from flask import jsonify from flask import jsonify
from flask import request from flask import request
@ -16,8 +18,6 @@ from app.api.serializer import (
) )
from app.dashboard.views.alias_log import get_alias_log from app.dashboard.views.alias_log import get_alias_log
from app.email_utils import ( from app.email_utils import (
generate_reply_email, generate_reply_email,
) )
from app.extensions import db from app.extensions import db
@ -400,10 +400,11 @@ def create_contact_route(alias_id):
if not contact_addr: if not contact_addr:
return jsonify(error="Contact cannot be empty"), 400 return jsonify(error="Contact cannot be empty"), 400
contact_name, contact_email = parseaddr_unicode(contact_addr) full_address: EmailAddress = address.parse(contact_addr)
if not full_address:
return jsonify(error=f"invalid contact email {contact_addr}"), 400
if not is_valid_email(contact_email): contact_name, contact_email = full_address.display_name, full_address.address
return jsonify(error=f"invalid contact email {contact_email}"), 400
contact_email = sanitize_email(contact_email) contact_email = sanitize_email(contact_email)

@ -36,7 +36,7 @@ def apple_process_payment():
200 of the payment is successful, i.e. user is upgraded to premium 200 of the payment is successful, i.e. user is upgraded to premium
""" """
LOG.debug("request for /apple/process_payment") LOG.d("request for /apple/process_payment")
user = g.user user = g.user
data = request.get_json() data = request.get_json()
receipt_data = data.get("receipt_data") receipt_data = data.get("receipt_data")
@ -229,7 +229,7 @@ def apple_update_notification():
# "auto_renew_product_id": "io.simplelogin.ios_app.subscription.premium.yearly", # "auto_renew_product_id": "io.simplelogin.ios_app.subscription.premium.yearly",
# "notification_type": "DID_CHANGE_RENEWAL_STATUS", # "notification_type": "DID_CHANGE_RENEWAL_STATUS",
# } # }
LOG.debug("request for /api/apple/update_notification") LOG.d("request for /api/apple/update_notification")
data = request.get_json() data = request.get_json()
if not ( if not (
data data
@ -282,7 +282,7 @@ def apple_update_notification():
db.session.commit() db.session.commit()
return jsonify(ok=True), 200 return jsonify(ok=True), 200
else: else:
LOG.warning( LOG.w(
"No existing AppleSub for original_transaction_id %s", "No existing AppleSub for original_transaction_id %s",
original_transaction_id, original_transaction_id,
) )
@ -305,16 +305,16 @@ def verify_receipt(receipt_data, user, password) -> Optional[AppleSubscription]:
_PROD_URL, json={"receipt-data": receipt_data, "password": password} _PROD_URL, json={"receipt-data": receipt_data, "password": password}
) )
except RequestException: except RequestException:
LOG.warning("cannot call Apple server %s", _PROD_URL) LOG.w("cannot call Apple server %s", _PROD_URL)
return None return None
if r.status_code >= 500: if r.status_code >= 500:
LOG.warning("Apple server error, response:%s %s", r, r.content) LOG.w("Apple server error, response:%s %s", r, r.content)
return None return None
if r.json() == {"status": 21007}: if r.json() == {"status": 21007}:
# try sandbox_url # try sandbox_url
LOG.warning("Use the sandbox url instead") LOG.w("Use the sandbox url instead")
r = r =
json={"receipt-data": receipt_data, "password": password}, json={"receipt-data": receipt_data, "password": password},
@ -472,7 +472,7 @@ def verify_receipt(receipt_data, user, password) -> Optional[AppleSubscription]:
# } # }
if data["status"] != 0: if data["status"] != 0:
LOG.warning( LOG.w(
"verifyReceipt status !=0, probably invalid receipt. User %s", "verifyReceipt status !=0, probably invalid receipt. User %s",
user, user,
) )
@ -499,7 +499,7 @@ def verify_receipt(receipt_data, user, password) -> Optional[AppleSubscription]:
# } # }
transactions = data["receipt"]["in_app"] transactions = data["receipt"]["in_app"]
if not transactions: if not transactions:
LOG.warning("Empty transactions in data %s", data) LOG.w("Empty transactions in data %s", data)
return None return None
latest_transaction = max(transactions, key=lambda t: int(t["expires_date_ms"])) latest_transaction = max(transactions, key=lambda t: int(t["expires_date_ms"]))
@ -527,7 +527,7 @@ def verify_receipt(receipt_data, user, password) -> Optional[AppleSubscription]:
else: else:
# the same original_transaction_id has been used on another account # the same original_transaction_id has been used on another account
if AppleSubscription.get_by(original_transaction_id=original_transaction_id): if AppleSubscription.get_by(original_transaction_id=original_transaction_id):
LOG.exception("Same Apple Sub has been used before, current user %s", user) LOG.e("Same Apple Sub has been used before, current user %s", user)
return None return None
LOG.d( LOG.d(

@ -96,7 +96,7 @@ def auth_register():
if not password or len(password) < 8: if not password or len(password) < 8:
return jsonify(error="password too short"), 400 return jsonify(error="password too short"), 400
LOG.debug("create user %s", email) LOG.d("create user %s", email)
user = User.create(email=email, name="", password=password) user = User.create(email=email, name="", password=password)
db.session.flush() db.session.flush()
@ -166,7 +166,7 @@ def auth_activate():
return jsonify(error="Wrong email or code"), 400 return jsonify(error="Wrong email or code"), 400
LOG.debug("activate user %s", user) LOG.d("activate user %s", user)
user.activated = True user.activated = True
AccountActivation.delete( AccountActivation.delete(
db.session.commit() db.session.commit()

@ -69,10 +69,10 @@ def new_custom_alias_v2():
try: try:
alias_suffix = signer.unsign(signed_suffix, max_age=600).decode() alias_suffix = signer.unsign(signed_suffix, max_age=600).decode()
except SignatureExpired: except SignatureExpired:
LOG.warning("Alias creation time expired for %s", user) LOG.w("Alias creation time expired for %s", user)
return jsonify(error="Alias creation time is expired, please retry"), 412 return jsonify(error="Alias creation time is expired, please retry"), 412
except Exception: except Exception:
LOG.warning("Alias suffix is tampered, user %s", user) LOG.w("Alias suffix is tampered, user %s", user)
return jsonify(error="Tampered suffix"), 400 return jsonify(error="Tampered suffix"), 400
if not verify_prefix_suffix(user, alias_prefix, alias_suffix): if not verify_prefix_suffix(user, alias_prefix, alias_suffix):
@ -184,10 +184,10 @@ def new_custom_alias_v3():
try: try:
alias_suffix = signer.unsign(signed_suffix, max_age=600).decode() alias_suffix = signer.unsign(signed_suffix, max_age=600).decode()
except SignatureExpired: except SignatureExpired:
LOG.warning("Alias creation time expired for %s", user) LOG.w("Alias creation time expired for %s", user)
return jsonify(error="Alias creation time is expired, please retry"), 412 return jsonify(error="Alias creation time is expired, please retry"), 412
except Exception: except Exception:
LOG.warning("Alias suffix is tampered, user %s", user) LOG.w("Alias suffix is tampered, user %s", user)
return jsonify(error="Tampered suffix"), 400 return jsonify(error="Tampered suffix"), 400
if not verify_prefix_suffix(user, alias_prefix, alias_suffix): if not verify_prefix_suffix(user, alias_prefix, alias_suffix):

@ -48,7 +48,7 @@ def new_random_alias():
elif mode == "uuid": elif mode == "uuid":
scheme = AliasGeneratorEnum.uuid.value scheme = AliasGeneratorEnum.uuid.value
else: else:
return jsonify(error=f"{mode} must be either word or alias"), 400 return jsonify(error=f"{mode} must be either word or uuid"), 400
alias = Alias.create_new_random(user=user, scheme=scheme, note=note) alias = Alias.create_new_random(user=user, scheme=scheme, note=note)
db.session.commit() db.session.commit()

@ -87,7 +87,7 @@ def update_setting():
# sanity check # sanity check
if custom_domain.user_id != or not custom_domain.verified: if custom_domain.user_id != or not custom_domain.verified:
LOG.exception("%s cannot use domain %s", user, default_domain) LOG.e("%s cannot use domain %s", user, default_domain)
return jsonify(error="invalid domain"), 400 return jsonify(error="invalid domain"), 400
else: else:
user.default_alias_custom_domain_id = user.default_alias_custom_domain_id =

@ -12,7 +12,7 @@
<form class="card" method="post"> <form class="card" method="post">
{{ form.csrf_token }} {{ form.csrf_token }}
<div class="card-body p-6"> <div class="card-body p-6">
<div class="card-title">Forgot password</div> <h1 class="card-title">Forgot password</h1>
<div class="form-group"> <div class="form-group">
<label class="form-label">Email address</label> <label class="form-label">Email address</label>

View file

@ -16,7 +16,7 @@
<form class="card" style="border-radius: 2%" method="post"> <form class="card" style="border-radius: 2%" method="post">
{{ form.csrf_token }} {{ form.csrf_token }}
<div class="card-body p-6"> <div class="card-body p-6">
<div class="card-title">Welcome back!</div> <h1 class="card-title">Welcome back!</h1>
<div class="form-group"> <div class="form-group">
<label class="form-label">Email address</label> <label class="form-label">Email address</label>
{{"form-control", type="email", autofocus="true") }} {{"form-control", type="email", autofocus="true") }}

View file

@ -8,7 +8,7 @@
<form class="card" style="border-radius: 2%" method="post"> <form class="card" style="border-radius: 2%" method="post">
{{ form.csrf_token }} {{ form.csrf_token }}
<div class="card-body p-6"> <div class="card-body p-6">
<div class="card-title">Create new account</div> <h1 class="card-title">Create new account</h1>
<div class="form-group"> <div class="form-group">
<label class="form-label">Email address</label> <label class="form-label">Email address</label>

View file

@ -57,8 +57,8 @@ def activate():
# The activation link contains the original page, for ex authorize page # The activation link contains the original page, for ex authorize page
if "next" in request.args: if "next" in request.args:
next_url = request.args.get("next") next_url = request.args.get("next")
LOG.debug("redirect user to %s", next_url) LOG.d("redirect user to %s", next_url)
return redirect(next_url) return redirect(next_url)
else: else:
LOG.debug("redirect user to dashboard") LOG.d("redirect user to dashboard")
return redirect(url_for("dashboard.index")) return redirect(url_for("dashboard.index"))

@ -115,7 +115,7 @@ def facebook_callback():
# The activation link contains the original page, for ex authorize page # The activation link contains the original page, for ex authorize page
if "facebook_next_url" in session: if "facebook_next_url" in session:
next_url = session["facebook_next_url"] next_url = session["facebook_next_url"]
LOG.debug("redirect user to %s", next_url) LOG.d("redirect user to %s", next_url)
# reset the next_url to avoid user getting redirected at each login :) # reset the next_url to avoid user getting redirected at each login :)
session.pop("facebook_next_url", None) session.pop("facebook_next_url", None)

@ -95,7 +95,7 @@ def fido():
) )
new_sign_count = webauthn_assertion_response.verify() new_sign_count = webauthn_assertion_response.verify()
except Exception as e: except Exception as e:
LOG.warning(f"An error occurred in WebAuthn verification process: {e}") LOG.w(f"An error occurred in WebAuthn verification process: {e}")
flash("Key verification failed.", "warning") flash("Key verification failed.", "warning")
# Trigger rate limiter # Trigger rate limiter
g.deduct_limit = True g.deduct_limit = True

@ -75,7 +75,7 @@ def github_callback():
break break
if not email: if not email:
LOG.exception(f"cannot get email for github user {github_user_data} {emails}") LOG.e(f"cannot get email for github user {github_user_data} {emails}")
flash( flash(
"Cannot get a valid email from Github, please another way to login/sign up", "Cannot get a valid email from Github, please another way to login/sign up",
"error", "error",

@ -101,7 +101,7 @@ def google_callback():
# The activation link contains the original page, for ex authorize page # The activation link contains the original page, for ex authorize page
if "google_next_url" in session: if "google_next_url" in session:
next_url = session["google_next_url"] next_url = session["google_next_url"]
LOG.debug("redirect user to %s", next_url) LOG.d("redirect user to %s", next_url)
# reset the next_url to avoid user getting redirected at each login :) # reset the next_url to avoid user getting redirected at each login :)
session.pop("google_next_url", None) session.pop("google_next_url", None)

@ -25,7 +25,7 @@ def login():
if current_user.is_authenticated: if current_user.is_authenticated:
if next_url: if next_url:
LOG.debug("user is already authenticated, redirect to %s", next_url) LOG.d("user is already authenticated, redirect to %s", next_url)
return redirect(next_url) return redirect(next_url)
else: else:
LOG.d("user is already authenticated, redirect to dashboard") LOG.d("user is already authenticated, redirect to dashboard")

@ -29,15 +29,15 @@ def after_login(user, next_url):
else: else:
return redirect(url_for("auth.mfa")) return redirect(url_for("auth.mfa"))
else: else:
LOG.debug("log user %s in", user) LOG.d("log user %s in", user)
login_user(user) login_user(user)
# User comes to login page from another page # User comes to login page from another page
if next_url: if next_url:
LOG.debug("redirect user to %s", next_url) LOG.d("redirect user to %s", next_url)
return redirect(next_url) return redirect(next_url)
else: else:
LOG.debug("redirect user to dashboard") LOG.d("redirect user to dashboard")
return redirect(url_for("dashboard.index")) return redirect(url_for("dashboard.index"))

@ -58,10 +58,10 @@ def recovery_route():
# User comes to login page from another page # User comes to login page from another page
if next_url: if next_url:
LOG.debug("redirect user to %s", next_url) LOG.d("redirect user to %s", next_url)
return redirect(next_url) return redirect(next_url)
else: else:
LOG.debug("redirect user to dashboard") LOG.d("redirect user to dashboard")
return redirect(url_for("dashboard.index")) return redirect(url_for("dashboard.index"))
else: else:
# Trigger rate limiter # Trigger rate limiter

@ -53,7 +53,7 @@ def register():
# 'challenge_ts': '2020-07-23T10:03:25', # 'challenge_ts': '2020-07-23T10:03:25',
# 'hostname': ''} # 'hostname': ''}
if not hcaptcha_res["success"]: if not hcaptcha_res["success"]:
LOG.warning( LOG.w(
"User put wrong captcha %s %s", "User put wrong captcha %s %s",,,
hcaptcha_res, hcaptcha_res,
@ -74,7 +74,7 @@ def register():
if personal_email_already_used(email): if personal_email_already_used(email):
flash(f"Email {email} already used", "error") flash(f"Email {email} already used", "error")
else: else:
LOG.debug("create user %s", email) LOG.d("create user %s", email)
user = User.create( user = User.create(
email=email, email=email,
name="", name="",

@ -45,7 +45,6 @@ if config_file:
else: else:
load_dotenv() load_dotenv()
RESET_DB = "RESET_DB" in os.environ
COLOR_LOG = "COLOR_LOG" in os.environ COLOR_LOG = "COLOR_LOG" in os.environ
# Allow user to have 1 year of premium: set the expiration_date to 1 year more # Allow user to have 1 year of premium: set the expiration_date to 1 year more
@ -158,7 +157,6 @@ DISABLE_ALIAS_SUFFIX = "DISABLE_ALIAS_SUFFIX" in os.environ
DKIM_HEADERS = [b"from", b"to"]
if "DKIM_PRIVATE_KEY_PATH" in os.environ: if "DKIM_PRIVATE_KEY_PATH" in os.environ:
@ -334,6 +332,9 @@ AlERT_WRONG_MX_RECORD_CUSTOM_DOMAIN = "custom_domain_mx_record_issue"
# alert when a new alias is about to be created on a disabled directory # alert when a new alias is about to be created on a disabled directory
ALERT_DIRECTORY_DISABLED_ALIAS_CREATION = "alert_directory_disabled_alias_creation" ALERT_DIRECTORY_DISABLED_ALIAS_CREATION = "alert_directory_disabled_alias_creation"
ALERT_HOTMAIL_COMPLAINT = "alert_hotmail_complaint"
ALERT_YAHOO_COMPLAINT = "alert_yahoo_complaint"
# <<<<< END ALERT EMAIL >>>> # <<<<< END ALERT EMAIL >>>>
# Disable onboarding emails # Disable onboarding emails
@ -394,3 +395,11 @@ except Exception:
HIBP_API_KEYS = sl_getenv("HIBP_API_KEYS", list) or [] HIBP_API_KEYS = sl_getenv("HIBP_API_KEYS", list) or []
POSTMASTER = os.environ.get("POSTMASTER")
# store temporary files, especially for debugging
TEMP_DIR = os.environ.get("TEMP_DIR")
# enable the alias automation disable: an alias can be automatically disabled if it has too many bounces

@ -27,7 +27,7 @@
<div class="col-12 col-lg-6"> <div class="col-12 col-lg-6">
<div class="card"> <div class="card">
<div class="card-body"> <div class="card-body">
<h5 class="card-title">{{ }}</h5> <h5 class="card-title">{{ or "N/A" }}</h5>
<h6 class="card-subtitle mb-2 text-muted"> <h6 class="card-subtitle mb-2 text-muted">
{% if api_key.last_used %} {% if api_key.last_used %}
Last used: {{ api_key.last_used | dt }} <br> Last used: {{ api_key.last_used | dt }} <br>

@ -25,15 +25,16 @@
</div> </div>
{% endif %} {% endif %}
<form method="post"> <form method="post" data-parsley-validate>
<div class="row mb-2"> <div class="row mb-2">
<div class="col-sm-6 mb-1 p-1" style="min-width: 4em"> <div class="col-sm-6 mb-1 p-1" style="min-width: 4em">
<input name="prefix" class="form-control" <input name="prefix" class="form-control"
id="prefix" id="prefix"
type="text" type="text"
pattern="[0-9a-z-_.]{1,}" data-parsley-pattern="[0-9a-z-_.]{1,}"
data-parsley-error-message="Only lowercase letters, dots, numbers, dashes (-) and underscores (_) are currently supported."
maxlength="40" maxlength="40"
data-bouncer-message="Only lowercase letters, dots, numbers, dashes (-) and underscores (_) are currently supported."
placeholder="Alias prefix, for example" placeholder="Alias prefix, for example"
autofocus required> autofocus required>
@ -69,7 +70,7 @@
<div class="row mb-2"> <div class="row mb-2">
<div class="col p-1"> <div class="col p-1">
<select data-width="100%" <select data-width="100%"
class="mailbox-select" id="mailboxes" multiple name="mailboxes"> class="mailbox-select" id="mailboxes" multiple name="mailboxes" required>
{% for mailbox in mailboxes %} {% for mailbox in mailboxes %}
<option value="{{ }}" {% if == current_user.default_mailbox_id %} <option value="{{ }}" {% if == current_user.default_mailbox_id %}
selected {% endif %}> selected {% endif %}>
@ -94,7 +95,7 @@
<div class="row"> <div class="row">
<div class="col p-1"> <div class="col p-1">
<button type="button" id="submit" class="btn btn-primary mt-1">Create</button> <button type="submit" id="create" class="btn btn-primary mt-1">Create</button>
</div> </div>
</div> </div>
</form> </form>
@ -105,9 +106,6 @@
{% block script %} {% block script %}
<script> <script>
// init bouncer
new Bouncer('form');
$('.mailbox-select').multipleSelect(); $('.mailbox-select').multipleSelect();
// Ctrl-enter submit the form // Ctrl-enter submit the form
@ -117,7 +115,7 @@
} }
}) })
$("#submit").on("click", async function () { $("#create").on("click", async function () {
let that = $(this); let that = $(this);
let mailbox_ids = $(`#mailboxes`).val(); let mailbox_ids = $(`#mailboxes`).val();
let prefix = $('#prefix').val(); let prefix = $('#prefix').val();

@ -21,7 +21,7 @@
{% if not current_user.is_premium() %} {% if not current_user.is_premium() %}
<div class="alert alert-danger" role="alert"> <div class="alert alert-danger" role="alert">
This feature is only available on Premium plan. This feature is only available on Premium plan.
<a href="{{URL}}/dashboard/pricing" target="_blank" rel="noopener"> <a href="{{ URL }}/dashboard/pricing" target="_blank" rel="noopener">
Upgrade<i class="fe fe-external-link"></i> Upgrade<i class="fe fe-external-link"></i>
</a> </a>
</div> </div>
@ -42,51 +42,27 @@
<div class="card-body"> <div class="card-body">
<h5 class="card-title"> <h5 class="card-title">
<a href="{{ url_for('dashboard.domain_detail', }}">{{ custom_domain.domain }}</a> <a href="{{ url_for('dashboard.domain_detail', }}">{{ custom_domain.domain }}</a>
{% if custom_domain.verified %} {% if custom_domain.ownership_verified and not custom_domain.verified %}
<span class="cursor" data-toggle="tooltip" data-original-title="Domain Verified"></span> <a href="{{ url_for('dashboard.domain_detail_dns',,
{% else %} _anchor='dns-setup') }}" class="btn btn-info btn-sm">
<span class="cursor" data-toggle="tooltip" data-original-title="DNS Setup Needed"> Ownership verified. Setup the DNS
<a href="{{ url_for('dashboard.domain_detail_dns', }}" </a>
class="text-decoration-none">🚫 {% elif custom_domain.ownership_verified and custom_domain.verified %}
<span class="badge badge-success">Domain ready</span>
<!-- custom_domain.ownership_verified is False -->
{% else %}
<a href="{{ url_for('dashboard.domain_detail_dns',,
_anchor='ownership-form') }}" class="btn btn-warning btn-sm" role="button">
Verify domain ownership
</a> </a>
{% endif %} {% endif %}
</h5> </h5>
<h6 class="card-subtitle mb-4 text-muted"> <h6 class="card-subtitle mb-4 text-muted">
Created {{ custom_domain.created_at | dt }} <br> Created {{ custom_domain.created_at | dt }} <br>
<span class="font-weight-bold">{{ custom_domain.nb_alias() }}</span> aliases. <span class="font-weight-bold">{{ custom_domain.nb_alias() }}</span> aliases.
<i class="fe fe-info" data-toggle="tooltip"
title="Aliases created with this domain are automatically owned by these mailboxes">
<br> <br>
{% set domain_mailboxes=custom_domain.mailboxes %}
<form method="post" class="mt-2">
<input type="hidden" name="form-name" value="update">
<input type="hidden" name="domain-id" value="{{ }}">
<div class="d-flex">
<div class="flex-grow-1 mr-2">
<select data-width="100%" required
class="mailbox-select" multiple name="mailbox_ids">
{% for mailbox in mailboxes %}
<option value="{{ }}" {% if mailbox in domain_mailboxes %}
selected {% endif %}>
{{ }}
{% endfor %}
<button class="btn btn-outline-primary btn-sm">Update</button>
</h6> </h6>
<a href="{{ url_for('dashboard.domain_detail', }}" class="mt-3"> <a href="{{ url_for('dashboard.domain_detail', }}" class="mt-3">
@ -112,25 +88,10 @@
{{ new_custom_domain_form.domain(class="form-control", placeholder="", maxlength=128) }} {{ new_custom_domain_form.domain(class="form-control", placeholder="", maxlength=128) }}
{{ render_field_errors(new_custom_domain_form.domain) }} {{ render_field_errors(new_custom_domain_form.domain) }}
<div class="small-text"> <div class="small-text">
Please use full path domain, for ex <em></em> Please use full path domain, for example <b></b>
or <b></b> if you are using a subdomain.
</div> </div>
<div class="mt-3 small-text alert alert-info">
By default, aliases created with your domain are "owned" by your default
mailbox <b>{{ }}</b>. <br>
This below option allow you to choose the mailbox(es) that a new alias automatically belongs to.
<select data-width="100%"
class="mailbox-select" multiple name="mailbox_ids">
{% for mailbox in mailboxes %}
<option value="{{ }}" {% if == current_user.default_mailbox_id %}
selected {% endif %}>
{{ }}
{% endfor %}
<button class="btn btn-primary mt-2">Create</button> <button class="btn btn-primary mt-2">Create</button>
</form> </form>
</div> </div>

@ -37,7 +37,7 @@
<em>my_directory+<b>anything</b>@{{ FIRST_ALIAS_DOMAIN }}</em> or <br> <em>my_directory+<b>anything</b>@{{ FIRST_ALIAS_DOMAIN }}</em> or <br>
<em>my_directory#<b>anything</b>@{{ FIRST_ALIAS_DOMAIN }}</em> <br> <em>my_directory#<b>anything</b>@{{ FIRST_ALIAS_DOMAIN }}</em> <br>
</div> </div>
<em><b>anything</b></em> is any string composed of lowercase character. <br> <em><b>anything</b></em> is any string composed of lowercase characters. <br>
You can find more info on directory on our <a href="">blog post</a>. You can find more info on directory on our <a href="">blog post</a>.

@ -0,0 +1,171 @@
{% extends 'dashboard/domain_detail/base.html' %}
{% set domain_detail_page = "auto_create" %}
{% block title %}
{{ custom_domain.domain }} Auto Create Rules
{% endblock %}
{% block domain_detail_content %}
<h1 class="h2 mb-1"> {{ custom_domain.domain }} auto create alias rules </h1>
<span class="badge badge-info">Advanced</span>
<span class="badge badge-warning">Beta</span>
{% if custom_domain.catch_all %}
<div class="alert alert-warning mt-3">
Rules are ineffective when catch-all is enabled.
{% endif %}
<div class="{% if custom_domain.catch_all %} disabled-content {% endif %}">
<div class="mt-3 mb-2">
For a greater control than a simple catch-all, you can define a set of <b>rules</b> to auto create aliases. <br>
A rule is based on a regular expression (<b>regex</b>): if an alias matches the expression, it'll be automatically
<div class="alert alert-info">
Only the local part of the alias (i.e. <b>@{{ custom_domain.domain }}</b> is ignored) during the
regex test.
<div class="alert alert-info">
When there are several rules, rules will be evaluated by their order.
{% if custom_domain.auto_create_rules | length > 0 %}
<div class="mt-2" id="rule-list">
{% for auto_create_rule in custom_domain.auto_create_rules %}
<div class="card">
<div class="card-body">
Order: <b>{{ auto_create_rule.order }}</b> <br>
<input readonly value="{{ auto_create_rule.regex }}" class="form-control">
New alias will belong to
{% for mailbox in auto_create_rule.mailboxes %}
<b>{{ }}</b>
{% if not loop.last %},{% endif %}
{% endfor %}
<form method="post" class="mt-2">
<input type="hidden" name="form-name" value="delete-auto-create-rule">
<input type="hidden" name="rule-id" value="{{ }}">
<button class="btn btn-outline-danger btn-sm float-right">Delete</button>
{% endfor %}
{% endif %}
<div class="mt-2" id="new-rule">
<h3>New rule </h3>
<form method="post" action="#rule-list" data-parsley-validate>
<input type="hidden" name="form-name" value="create-auto-create-rule">
{{ new_auto_create_rule_form.csrf_token }}
<div class="form-group">
{{ new_auto_create_rule_form.regex(class="form-control",
) }}
{{ render_field_errors(new_auto_create_rule_form.regex) }}
<div class="small-text">
For example, if you want aliases that starts with <b>prefix.</b> to be automatically created, you can set
regex to <em data-toggle="tooltip"
title="Click to copy"
If you want aliases that ends with <b>.suffix</b> to be automatically created, you can use the regex
<em data-toggle="tooltip"
title="Click to copy"
To test out regex, we recommend using regex tester tool like
<a href="" target="_blank">↗</a>
<div class="form-group">
{{ new_auto_create_rule_form.order(class="form-control", placeholder="10", min=1, value=1, type="number") }}
{{ render_field_errors(new_auto_create_rule_form.order) }}
<div class="form-group">
<div class="flex-grow-1 mr-2">
<select data-width="100%" required
class="mailbox-select" multiple name="mailbox_ids">
{% for mailbox in mailboxes %}
<option value="{{ }}" {% if == current_user.default_mailbox_id %}
selected {% endif %}>
{{ }}
{% endfor %}
<button class="btn btn-primary mt-2">Create</button>
<div id="debug-zone">
<h3>Debug Zone</h3>
<p>You can test whether an alias will be automatically created given the rules above </p>
<div class="alert alert-info">
No worries, no alias will be created during the test :)
<form method="post" action="#debug-zone">
<input type="hidden" name="form-name" value="test-auto-create-rule">
{{ auto_create_test_form.csrf_token }}
<div class="d-flex">
<div class="form-group d-flex">
{{ auto_create_test_form.local(class="form-control", type="text", placeholder="local", value=auto_create_test_local) }}
{{ render_field_errors(auto_create_test_form.local) }}
<b class="pt-2 ml-1">@{{ custom_domain.domain }}</b>
<div class="form-group">
<button class="btn btn-outline-primary">Test</button>
{% if auto_create_test_result %}
<div class="alert {% if auto_create_test_passed %} alert-success {% else %} alert-warning {% endif %}">
{{ auto_create_test_result }}
{% endif %}
{% endblock %}
{% block script %}
{% endblock %}

@ -20,13 +20,19 @@
class="list-group-item list-group-item-action {{ 'active' if domain_detail_page == 'trash' }}"> class="list-group-item list-group-item-action {{ 'active' if domain_detail_page == 'trash' }}">
<span class="icon mr-3"><i class="fe fe-trash"></i></span>Deleted Alias <span class="icon mr-3"><i class="fe fe-trash"></i></span>Deleted Alias
</a> </a>
<a href="{{ url_for('dashboard.domain_detail_auto_create', }}"
class="list-group-item list-group-item-action {{ 'active' if domain_detail_page == 'auto_create' }}">
<span class="icon mr-3"><i class="fe fe-layers"></i></span>Auto Create
</div> </div>
</div> </div>
<div class="col-lg-9"> <div class="col-lg-9">
<div class="card"> <div class="card">
<div class="card-body"> <div class="card-body">
<div class="text-wrap p-lg-6"> <div class="text-wrap p-lg-6 domain_detail_content">
{% block domain_detail_content %} {% block domain_detail_content %}
{% endblock %} {% endblock %}
</div> </div>

@ -13,10 +13,69 @@
<div class="">Please follow the steps below to set up your domain.</div> <div class="">Please follow the steps below to set up your domain.</div>
<div class="small-text mb-5"> <div class="small-text mb-5">
DNS changes could take up to 24 hours to propagate. In practice, it's a lot faster though (~1 DNS changes could take up to 24 hours to update.
minute or in our experience).
</div> </div>
{% if not custom_domain.ownership_verified %}
<div id="ownership-form">
<div class="font-weight-bold">Domain ownership verification
{% if custom_domain.ownership_verified %}
<span class="cursor" data-toggle="tooltip" data-original-title="Domain Ownership Verified"></span>
{% else %}
<span class="cursor" data-toggle="tooltip" data-original-title="Domain Ownership Required">🚫 </span>
{% endif %}
{% if not custom_domain.ownership_verified %}
<div class="mb-2">
To verify ownership of the domain, please add the following TXT record.
Some domain registrars (Namecheap, CloudFlare, etc) might use <em>@</em> for the root domain.
<div class="mb-3 p-3 dns-record">
Record: TXT <br>
Domain: {{ custom_domain.domain }} or <b>@</b> <br>
Value: <em data-toggle="tooltip"
title="Click to copy"
data-clipboard-text="{{ custom_domain.get_ownership_dns_txt_value() }}">{{ custom_domain.get_ownership_dns_txt_value() }}</em>
<form method="post" action="#ownership-form">
<input type="hidden" name="form-name" value="check-ownership">
<button type="submit" class="btn btn-primary"> Verify</button>
{% if not ownership_ok %}
<div class="text-danger mt-4">
Your DNS is not correctly set. The TXT record we obtain is:
<div class="mb-3 p-3 dns-record">
{% if not ownership_errors %}
{% endif %}
{% for r in ownership_errors %}
{{ r }} <br>
{% endfor %}
{% endif %}
{% endif %}
{% endif %}
class="{% if not custom_domain.ownership_verified %} disabled-content {% endif %}"
{% if not custom_domain.ownership_verified %}
<div class="alert alert-warning">
A domain ownership must be verified first.
{% endif %}
<div id="mx-form"> <div id="mx-form">
<div class="font-weight-bold">1. MX record <div class="font-weight-bold">1. MX record
@ -38,10 +97,7 @@
<div class="mb-3 p-3 dns-record"> <div class="mb-3 p-3 dns-record">
Record: MX <br> Record: MX <br>
Domain: {{ custom_domain.domain }} or Domain: {{ custom_domain.domain }} or
<em data-toggle="tooltip" <b>@</b> <br>
title="Click to copy"
data-clipboard-text="@">@</em> <br>
Priority: {{ priority }} <br> Priority: {{ priority }} <br>
Target: <em data-toggle="tooltip" Target: <em data-toggle="tooltip"
title="Click to copy" title="Click to copy"
@ -100,7 +156,8 @@
rel="noopener">(Wikipedia↗)</a> is an email rel="noopener">(Wikipedia↗)</a> is an email
authentication method authentication method
designed to detect forging sender addresses during the delivery of the email. <br> designed to detect forging sender addresses during the delivery of the email. <br>
Setting up SPF is highly recommended to reduce the chance your emails ending up in the recipient's Spam folder. Setting up SPF is highly recommended to reduce the chance your emails ending up in the recipient's Spam
</div> </div>
<div class="mb-2">Add the following TXT DNS record to your domain.</div> <div class="mb-2">Add the following TXT DNS record to your domain.</div>
@ -108,10 +165,7 @@
<div class="mb-2 p-3 dns-record"> <div class="mb-2 p-3 dns-record">
Record: TXT <br> Record: TXT <br>
Domain: {{ custom_domain.domain }} or Domain: {{ custom_domain.domain }} or
<em data-toggle="tooltip" <b>@</b> <br>
title="Click to copy"
data-clipboard-text="@">@</em> <br>
Value: Value:
<em data-toggle="tooltip" <em data-toggle="tooltip"
title="Click to copy" title="Click to copy"
@ -170,7 +224,8 @@
email email
authentication method authentication method
designed to avoid email spoofing. <br> designed to avoid email spoofing. <br>
Setting up DKIM is highly recommended to reduce the chance your emails ending up in the recipient's Spam folder. Setting up DKIM is highly recommended to reduce the chance your emails ending up in the recipient's Spam
</div> </div>
<div class="mb-2">Add the following CNAME DNS record to your domain.</div> <div class="mb-2">Add the following CNAME DNS record to your domain.</div>
@ -311,6 +366,7 @@
</div> </div>
{% endif %} {% endif %}
</div> </div>
</div> </div>
{% endblock %} {% endblock %}

@ -7,39 +7,18 @@
{% endblock %} {% endblock %}
{% block domain_detail_content %} {% block domain_detail_content %}
<h1 class="h3"> {{ custom_domain.domain }} <h1 class="h2 mb-1"> {{ custom_domain.domain }} </h1>
{% if custom_domain.verified %}
<span class="cursor" data-toggle="tooltip" data-original-title="DNS Setup OK"></span>
{% else %}
<span class="cursor" data-toggle="tooltip" data-original-title="DNS Setup Needed">
<a href="{{ url_for('dashboard.domain_detail_dns', }}"
{% endif %}
<div class="small-text">Created {{ custom_domain.created_at | dt }}</div> <div class="small-text">Created {{ custom_domain.created_at | dt }}. {{ nb_alias }} aliases</div>
{{ nb_alias }} aliases
<hr> <hr>
<div>Catch All</div> <h3 class="mb-1">Auto create/on the fly alias </h3>
<div class="small-text">
This feature allows you to create aliases <b>on the fly</b>.
Simply use <em>anything@{{ custom_domain.domain }}</em>
next time you need an email address. <br>
The alias will be created the first time it receives an email
and automatically belong to <b>{{ custom_domain.domain }}</b> mailboxes (
{% for mailbox in custom_domain.mailboxes %}
<b>{{ }}</b>
{% if not loop.last %},{% endif %}
{% endfor %})
<div> <div>
<form method="post"> <form method="post">
<input type="hidden" name="form-name" value="switch-catch-all"> <input type="hidden" name="form-name" value="switch-catch-all">
<label class="custom-switch cursor mt-2 pl-0" <label class="custom-switch cursor mt-2 pl-0"
data-toggle="tooltip" data-toggle="tooltip"
{% if custom_domain.catch_all %} {% if custom_domain.catch_all %}
@ -52,38 +31,81 @@
{{ "checked" if custom_domain.catch_all else "" }}> {{ "checked" if custom_domain.catch_all else "" }}>
<span class="custom-switch-indicator"></span> <span class="custom-switch-indicator"></span>
<spam class="ml-2">
Catch All
</label> </label>
</form> </form>
<div class="">
Simply use <b>anything@{{ custom_domain.domain }}</b>
next time you need an alias: it'll be <b>automatically</b>
created the first time it receives an email.
To have more fine-grained control, you can also define
<a href="{{ url_for('dashboard.domain_detail_auto_create', }}">auto create
<i class="fe fe-chevrons-right"></i></a>.
<div class="{% if not custom_domain.catch_all %} disabled-content {% endif %}">
<div>Auto-created aliases are automatically owned by the following mailboxes
<i class="fe fe-corner-right-down"></i></a>.
{% set domain_mailboxes=custom_domain.mailboxes %}
<form method="post" class="mt-2">
<input type="hidden" name="form-name" value="update">
<input type="hidden" name="domain-id" value="{{ }}">
<div class="d-flex">
<div class="flex-grow-1 mr-2">
<select data-width="100%" required
class="mailbox-select" multiple name="mailbox_ids">
{% for mailbox in mailboxes %}
<option value="{{ }}" {% if mailbox in domain_mailboxes %}
selected {% endif %}>
{{ }}
{% endfor %}
<button class="btn btn-outline-primary btn-sm">Update</button>
</div> </div>
<hr> <hr>
<div>Default Alias Name</div> <h3 class="mb-1">Default Display Name</h3>
<div class="small-text"> <div class="">
This name will be used as the default alias name when you send Default display name for aliases created with <b>{{ custom_domain.domain }}</b>
or reply from an alias, unless overwritten by the alias specific name. unless overwritten by the alias display name.
</div> </div>
<div> <div>
<form method="post"> <form method="post" class="form-inline">
<input type="hidden" name="form-name" value="set-name"> <input type="hidden" name="form-name" value="set-name">
<div class="form-group"> <div class="form-group">
<input class="form-control" <input class="form-control mr-2"
value="{{ or "" }}" value="{{ or "" }}"
name="alias-name" name="alias-name"
placeholder="Alias name"> placeholder="Alias Display Name">
</div> </div>
<button class="btn btn-primary" name="action" value="save">Save</button> <button class="btn btn-outline-primary" name="action" value="save">Save</button>
{% if %} {% if %}
<button class="btn btn-danger float-right" name="action" value="remove">Remove</button> <button class="btn btn-outline-danger float-right ml-2" name="action" value="remove">Remove</button>
{% endif %} {% endif %}
</form> </form>
</div> </div>
<hr> <hr>
<div>Random Prefix Generation</div> <h3 class="mb-1">Random Prefix Generation</h3>
<div class="small-text"> <div class="">
A random prefix can be generated for this domain for usage in the New Alias Add a random prefix for this domain when creating a new alias.
</div> </div>
<div> <div>
@ -106,20 +128,22 @@
</div> </div>
<hr> <hr>
<h3 class="mb-0">Delete Domain</h3> <h3 class="mb-1">Delete Domain</h3>
<div class="small-text mb-3">Please note that this operation is irreversible. <div class="mb-3">This operation is <b>irreversible</b>.
All aliases associated with this domain will be also deleted. All aliases associated with this domain will be deleted.
</div> </div>
<form method="post"> <form method="post">
<input type="hidden" name="form-name" value="delete"> <input type="hidden" name="form-name" value="delete">
<span class="delete-custom-domain btn btn-outline-danger">Delete domain</span> <span class="delete-custom-domain btn btn-danger">Delete domain</span>
</form> </form>
{% endblock %} {% endblock %}
{% block script %} {% block script %}
<script> <script>
$(".custom-switch-input").change(function (e) { $(".custom-switch-input").change(function (e) {
$(this).closest("form").submit(); $(this).closest("form").submit();
}); });
@ -149,3 +173,4 @@
}); });
</script> </script>
{% endblock %} {% endblock %}

@ -92,10 +92,11 @@
</div> </div>
<!-- END Global Stats --> <!-- END Global Stats -->
<!-- Controls: buttons & search -->
<div id="filter-app">
<div class="row mb-3"> <div class="row mb-3">
<div class="col d-flex">
<div class="col-lg-6 pt-1" style="max-width: 25em"> <div>
<div class="btn-group" role="group"> <div class="btn-group" role="group">
<form method="post"> <form method="post">
<input type="hidden" name="form-name" value="create-custom-email"> <input type="hidden" name="form-name" value="create-custom-email">
@ -135,11 +136,19 @@
</div> </div>
</div> </div>
<div id="filter-app" class="col-lg-auto pt-1 flex-grow-1"> <div class="" style="margin-left: auto">
<div class="float-right d-flex"> <div class="btn-group">
<a v-if="!showFilter" @click="toggleFilter()" class="btn btn-outline-secondary">
<i class="fe fe-chevrons-down"></i> Filters
<div class="row mb-2" v-if="showFilter" id="filter-control">
<!-- Filter Control --> <!-- Filter Control -->
<div v-if="showFilter" id="filter-control"> <div class="col d-flex">
<form method="get" class="form-inline"> <form method="get" class="form-inline">
<select name="sort" <select name="sort"
onchange="this.form.submit()" onchange="this.form.submit()"
@ -168,6 +177,9 @@
<option value="" {% if filter == "" %} selected {% endif %}> <option value="" {% if filter == "" %} selected {% endif %}>
All Aliases All Aliases
</option> </option>
<option value="pinned" {% if filter == "pinned" %} selected {% endif %}>
Pinned Aliases
<option value="enabled" {% if filter == "enabled" %} selected {% endif %}> <option value="enabled" {% if filter == "enabled" %} selected {% endif %}>
Only Enabled Aliases Only Enabled Aliases
</option> </option>
@ -177,6 +189,20 @@
<option value="hibp" {% if filter == "hibp" %} selected {% endif %}> <option value="hibp" {% if filter == "hibp" %} selected {% endif %}>
Only Aliases Found In Data Breaches Only Aliases Found In Data Breaches
</option> </option>
{% for mailbox in current_user.mailboxes() %}
<option value="mailbox:{{ }}" {% if filter == "mailbox:" ~ %}
selected {% endif %}>
{{ }}'s aliases
{% endfor %}
{% for directory in current_user.directories %}
<option value="directory:{{ }}" {% if filter == "directory:" ~ %}
selected {% endif %}>
Directory <b>{{ }}</b> aliases
{% endfor %}
</select> </select>
<input type="search" name="query" placeholder="Enter to search for alias" <input type="search" name="query" placeholder="Enter to search for alias"
@ -184,32 +210,36 @@
style="max-width: 15em" style="max-width: 15em"
value="{{ query }}"> value="{{ query }}">
<div style="margin-left: auto">
{% if query or sort or filter %} {% if query or sort or filter %}
<a href="{{ url_for('dashboard.index') }}" <a href="{{ url_for('dashboard.index') }}"
class="btn btn-light">Reset</a> class="btn btn-outline-secondary">Reset</a>
{% endif %} {% endif %}
<div class="btn-group">
<a v-if="!showFilter" @click="toggleFilter()" class="btn btn-outline-secondary">
<i class="fe fe-chevrons-left"></i> Filters
<a v-if="showFilter" @click="toggleFilter()" class="btn btn-outline-secondary"> <a v-if="showFilter" @click="toggleFilter()" class="btn btn-outline-secondary">
<i class="fe fe-chevrons-right"></i> <i class="fe fe-chevrons-up"></i>
</a> </a>
</div> </div>
</div> </div>
</div> </div>
</div> </div>
<!-- END Controls: buttons & search -->
<!-- Alias list -->
<div class="row"> <div class="row">
{% for alias_info in alias_infos %} {% for alias_info in alias_infos %}
{% set alias = alias_info.alias %} {% set alias = alias_info.alias %}
<div class="col-12 col-lg-6"> <div class="col-12 col-lg-6" id="alias-container-{{ }}">
<div class="card p-4 shadow-sm {% if == highlight_alias_id %} highlight-row {% endif %} "> <div class="card p-4 shadow-sm {% if == highlight_alias_id %} highlight-row {% endif %} "
{% if highlight_alias_id and != highlight_alias_id %}
style="opacity: 0.6"
{% endif %}
<div class="row"> <div class="row">
<div class="col-8"> <div class="col-8">
@ -233,8 +263,8 @@
{% endif %} {% endif %}
{% if alias.pinned %} {% if alias.pinned %}
<span class="fa fa-heart" data-toggle="tooltip" <span class="fa fa-thumb-tack" data-toggle="tooltip"
title="This alias added to favorite"></span> title="This alias is pinned"></span>
{% endif %} {% endif %}
{% if alias.hibp_breaches | length > 0 %} {% if alias.hibp_breaches | length > 0 %}
@ -299,7 +329,7 @@
{{ email_log.created_at | dt }} {{ email_log.created_at | dt }}
{% endif %} {% endif %}
{% else %} {% else %}
No Activity in the last 14 days. Alias created {{ alias.created_at | dt }} No emails received/sent in the last 14 days. Created {{ alias.created_at | dt }}.
{% endif %} {% endif %}
</div> </div>
@ -307,6 +337,26 @@
</div> </div>
<!-- END Email Activity --> <!-- END Email Activity -->
<div class="small-text mt-1">Alias description</div>
<div class="d-flex mb-2">
<div class="flex-grow-1 mr-2">
id="note-{{ }}"
style="font-size: 12px"
placeholder="e.g. where the alias is used or why is it created">{{ alias.note or "" }}</textarea>
<div class="">
<a data-alias="{{ }}"
class="save-note btn btn-sm btn-outline-success w-100">
<!-- Send Email && More button --> <!-- Send Email && More button -->
<div class="row"> <div class="row">
<div class="col"> <div class="col">
@ -384,28 +434,9 @@
</div> </div>
{% endif %} {% endif %}
<div class="small-text mt-2">Alias Note</div>
<div class="d-flex">
<div class="flex-grow-1 mr-2">
id="note-{{ }}"
placeholder="e.g. where the alias is used or why is it created">{{ alias.note or "" }}</textarea>
<div class="">
<a data-alias="{{ }}"
class="save-note btn btn-sm btn-outline-success w-100">
<div class="small-text mt-2" data-toogle="tooltip" <div class="small-text mt-2" data-toogle="tooltip"
title="Alias name is used when you send or reply from alias"> title="When sending an email from this alias, the email will have 'Display Name <{{ }}>' as sender.">
Alias name Display name
<i class="fe fe-help-circle"></i> <i class="fe fe-help-circle"></i>
</div> </div>
@ -444,8 +475,8 @@
{% endif %} {% endif %}
<div class="small-text mt-2" data-toogle="tooltip" <div class="small-text mt-2" data-toogle="tooltip"
title="Add alias to favorite so it's always pinned on top"> title="it's always pinned on top">
Add to favorite Pin this alias
<i class="fe fe-help-circle"></i> <i class="fe fe-help-circle"></i>
</div> </div>
<div> <div>
@ -495,6 +526,7 @@
</div> </div>
{% endfor %} {% endfor %}
</div> </div>
<!-- END Alias list -->
<!-- Only show pagination control if there are previous/next page --> <!-- Only show pagination control if there are previous/next page -->
{% if page > 0 or not last_page %} {% if page > 0 or not last_page %}

@ -49,8 +49,15 @@
{% endif %} {% endif %}
{% elif apple_sub and apple_sub.is_valid() %} {% elif apple_sub and apple_sub.is_valid() %}
You are on the Premium plan which expires {{ apple_sub.expires_date | dt }} You are on the Premium plan (subscribed via Apple) which expires {{ apple_sub.expires_date | dt }}
({{ apple_sub.expires_date.format("YYYY-MM-DD") }}). ({{ apple_sub.expires_date.format("YYYY-MM-DD") }}).
<div class="alert alert-info">
If you want to subscribe via the Web instead, please make sure to cancel your subscription
on Apple first.
<a href="{{ url_for('dashboard.pricing') }}"
class="">Upgrade <i class="fa fa-arrow-right" aria-hidden="true"></i></a>
{% elif coinbase_sub and coinbase_sub.is_active() %} {% elif coinbase_sub and coinbase_sub.is_active() %}
You are on the Premium plan which expires {{ coinbase_sub.end_at | dt }} You are on the Premium plan which expires {{ coinbase_sub.end_at | dt }}
({{ coinbase_sub.end_at.format("YYYY-MM-DD") }}). ({{ coinbase_sub.end_at.format("YYYY-MM-DD") }}).
@ -283,14 +290,6 @@
<input type="hidden" name="form-name" value="change-sender-format"> <input type="hidden" name="form-name" value="change-sender-format">
<select class="form-control mr-sm-2" name="sender-format"> <select class="form-control mr-sm-2" name="sender-format">
{# Only show this for compatibility reason #}
{% if current_user.sender_format == SenderFormatEnum.VIA.value %}
<option value="{{ SenderFormatEnum.VIA.value }}"
{% if current_user.sender_format == SenderFormatEnum.VIA.value %} selected {% endif %}> via SimpleLogin (Not recommended)
{% endif %}
<option value="{{ SenderFormatEnum.AT.value }}" <option value="{{ SenderFormatEnum.AT.value }}"
{% if current_user.sender_format == SenderFormatEnum.AT.value %} selected {% endif %}> {% if current_user.sender_format == SenderFormatEnum.AT.value %} selected {% endif %}>
John Wick - john at John Wick - john at
@ -301,13 +300,6 @@
John Wick - john(a) John Wick - john(a)
</option> </option>
{# Only show this for compatibility reason #}
{% if current_user.sender_format == SenderFormatEnum.FULL.value %}
<option value="{{ SenderFormatEnum.FULL.value }}"
{% if current_user.sender_format == SenderFormatEnum.FULL.value %} selected {% endif %}>
John Wick - (Not recommended)
{% endif %}
</select> </select>
<button class="btn btn-outline-primary mt-3">Update</button> <button class="btn btn-outline-primary mt-3">Update</button>
@ -358,8 +350,9 @@
<input type="hidden" name="form-name" value="sender-in-ra"> <input type="hidden" name="form-name" value="sender-in-ra">
<div class="form-check"> <div class="form-check">
<input type="checkbox" id="include-sender-ra" name="enable" <input type="checkbox" id="include-sender-ra" name="enable"
{# todo: remove current_user.include_sender_in_reverse_alias is none condition #} {# todo: remove current_user.include_sender_in_reverse_alias is none condition #}
{% if current_user.include_sender_in_reverse_alias is none or current_user.include_sender_in_reverse_alias %} checked {% endif %} class="form-check-input"> {% if current_user.include_sender_in_reverse_alias is none or current_user.include_sender_in_reverse_alias %}
checked {% endif %} class="form-check-input">
<label for="include-sender-ra">Include sender address in reverse-alias</label> <label for="include-sender-ra">Include sender address in reverse-alias</label>
</div> </div>
<button type="submit" class="btn btn-outline-primary">Update</button> <button type="submit" class="btn btn-outline-primary">Update</button>
@ -389,6 +382,29 @@
</div> </div>
<!-- END Always expand alias info --> <!-- END Always expand alias info -->
<!-- Ignore Loop Email -->
<div class="card" id="ignore-loop-email-section">
<div class="card-body">
<div class="card-title">Ignore Loop Emails</div>
<div class="mb-3">
On some email clients, "Reply All" automatically includes your alias that
would send the same email to your mailbox.
You can disable these "loop" emails by enabling this option.
<form method="post" action="#ignore-loop-email-section">
<input type="hidden" name="form-name" value="ignore-loop-email">
<div class="form-check">
<input type="checkbox" id="ignore-loop-email" name="enable"
{% if current_user.ignore_loop_email %} checked {% endif %} class="form-check-input">
<label for="ignore-loop-email">Ignore Loop Emails</label>
<button type="submit" class="btn btn-outline-primary">Update</button>
<!-- END Ignore Loop Email -->
<div class="card"> <div class="card">
<div class="card-body"> <div class="card-body">
<div class="card-title">Quarantine</div> <div class="card-title">Quarantine</div>

@ -11,14 +11,13 @@ from wtforms import StringField, validators, ValidationError
from app.config import PAGE_LIMIT from app.config import PAGE_LIMIT
from app.dashboard.base import dashboard_bp from app.dashboard.base import dashboard_bp
from app.email_utils import ( from app.email_utils import (
is_valid_email, is_valid_email,
generate_reply_email, generate_reply_email,
) )
from app.extensions import db from app.extensions import db
from app.log import LOG from app.log import LOG
from app.models import Alias, Contact, EmailLog from app.models import Alias, Contact, EmailLog
from app.utils import sanitize_email
def email_validator(): def email_validator():
@ -182,8 +181,7 @@ def alias_contact_manager(alias_id):
contact_addr = contact_addr =
try: try:
contact_name, contact_email = parseaddr_unicode(contact_addr) contact_name, contact_email = parse_full_address(contact_addr)
contact_email = sanitize_email(contact_email)
except Exception: except Exception:
flash(f"{contact_addr} is invalid", "error") flash(f"{contact_addr} is invalid", "error")
return redirect( return redirect(

View file

@ -31,7 +31,7 @@ def batch_import_route():
bi = BatchImport.create(, bi = BatchImport.create(,
db.session.flush() db.session.flush()
LOG.debug("Add a batch import job %s for %s", bi, current_user) LOG.d("Add a batch import job %s for %s", bi, current_user)
# Schedule batch import job # Schedule batch import job
Job.create( Job.create(

View file

@ -21,7 +21,7 @@ def billing():
if request.method == "POST": if request.method == "POST":
if request.form.get("form-name") == "cancel": if request.form.get("form-name") == "cancel":
LOG.warning(f"User {current_user} cancels their subscription") LOG.w(f"User {current_user} cancels their subscription")
success = cancel_subscription(sub.subscription_id) success = cancel_subscription(sub.subscription_id)
if success: if success:
@ -37,7 +37,7 @@ def billing():
return redirect(url_for("dashboard.billing")) return redirect(url_for("dashboard.billing"))
elif request.form.get("form-name") == "change-monthly": elif request.form.get("form-name") == "change-monthly":
LOG.debug(f"User {current_user} changes to monthly plan") LOG.d(f"User {current_user} changes to monthly plan")
success, msg = change_plan( success, msg = change_plan(
current_user, sub.subscription_id, PADDLE_MONTHLY_PRODUCT_ID current_user, sub.subscription_id, PADDLE_MONTHLY_PRODUCT_ID
) )
@ -58,7 +58,7 @@ def billing():
return redirect(url_for("dashboard.billing")) return redirect(url_for("dashboard.billing"))
elif request.form.get("form-name") == "change-yearly": elif request.form.get("form-name") == "change-yearly":
LOG.debug(f"User {current_user} changes to yearly plan") LOG.d(f"User {current_user} changes to yearly plan")
success, msg = change_plan( success, msg = change_plan(
current_user, sub.subscription_id, PADDLE_YEARLY_PRODUCT_ID current_user, sub.subscription_id, PADDLE_YEARLY_PRODUCT_ID
) )

@ -8,7 +8,13 @@ from app.config import ADMIN_EMAIL
from app.dashboard.base import dashboard_bp from app.dashboard.base import dashboard_bp
from app.email_utils import send_email from app.email_utils import send_email
from app.extensions import db from app.extensions import db
from app.models import ManualSubscription, Coupon from app.models import (
class CouponForm(FlaskForm): class CouponForm(FlaskForm):
@ -18,18 +24,27 @@ class CouponForm(FlaskForm):
@dashboard_bp.route("/coupon", methods=["GET", "POST"]) @dashboard_bp.route("/coupon", methods=["GET", "POST"])
@login_required @login_required
def coupon_route(): def coupon_route():
if current_user.lifetime:
flash("You already have a lifetime licence", "warning")
return redirect(url_for("dashboard.index"))
# handle case user already has an active subscription via another channel (Paddle, Apple, etc) # handle case user already has an active subscription via another channel (Paddle, Apple, etc)
if current_user._lifetime_or_active_subscription(): can_use_coupon = True
manual_sub: ManualSubscription = ManualSubscription.get_by(
if current_user.lifetime:
can_use_coupon = False
sub: Subscription = current_user.get_subscription()
if sub:
can_use_coupon = False
apple_sub: AppleSubscription = AppleSubscription.get_by(
if apple_sub and apple_sub.is_valid():
can_use_coupon = False
coinbase_subscription: CoinbaseSubscription = CoinbaseSubscription.get_by(
) )
if coinbase_subscription and coinbase_subscription.is_active():
can_use_coupon = False
# user has an non-manual subscription if not can_use_coupon:
if not manual_sub or not manual_sub.is_active():
flash("You already have another subscription.", "warning") flash("You already have another subscription.", "warning")
return redirect(url_for("dashboard.index")) return redirect(url_for("dashboard.index"))
@ -63,7 +78,7 @@ def coupon_route():,,, days=1),, days=1),
comment="using coupon code", comment="using coupon code",
is_giveaway=False, is_giveaway=coupon.is_giveaway,
commit=True, commit=True,
) )
flash( flash(
@ -72,9 +87,13 @@ def coupon_route():
) )
# notify admin # notify admin
if coupon.is_giveaway:
subject = f"User {current_user} applies a (free) coupon"
subject = f"User {current_user} applies a (paid) coupon"
send_email( send_email(
subject=f"User {current_user} applies the coupon", subject=subject,
plaintext="", plaintext="",
html="", html="",
) )

@ -249,11 +249,11 @@ def custom_alias():
signed_alias_suffix_decoded signed_alias_suffix_decoded
) )
except SignatureExpired: except SignatureExpired:
LOG.warning("Alias creation time expired for %s", current_user) LOG.w("Alias creation time expired for %s", current_user)
flash("Alias creation time is expired, please retry", "warning") flash("Alias creation time is expired, please retry", "warning")
return redirect(url_for("dashboard.custom_alias")) return redirect(url_for("dashboard.custom_alias"))
except Exception: except Exception:
LOG.warning("Alias suffix is tampered, user %s", current_user) LOG.w("Alias suffix is tampered, user %s", current_user)
flash("Unknown error, refresh the page", "error") flash("Unknown error, refresh the page", "error")
return redirect(url_for("dashboard.custom_alias")) return redirect(url_for("dashboard.custom_alias"))
@ -281,7 +281,7 @@ def custom_alias():
) )
else: else:
# should never happen as user can only choose their domains # should never happen as user can only choose their domains
LOG.exception( LOG.e(
"Deleted Alias %s does not belong to user %s", "Deleted Alias %s does not belong to user %s",
domain_deleted_alias, domain_deleted_alias,
) )
@ -309,7 +309,7 @@ def custom_alias():
) )
db.session.flush() db.session.flush()
except IntegrityError: except IntegrityError:
LOG.warning("Alias %s already exists", full_alias) LOG.w("Alias %s already exists", full_alias)
db.session.rollback() db.session.rollback()
flash("Unknown error, please retry", "error") flash("Unknown error, please retry", "error")
return redirect(url_for("dashboard.custom_alias")) return redirect(url_for("dashboard.custom_alias"))
@ -351,7 +351,7 @@ def verify_prefix_suffix(user: User, alias_prefix, alias_suffix) -> bool:
# alias_domain must be either one of user custom domains or built-in domains # alias_domain must be either one of user custom domains or built-in domains
if alias_domain not in user.available_alias_domains(): if alias_domain not in user.available_alias_domains():
LOG.exception("wrong alias suffix %s, user %s", alias_suffix, user) LOG.e("wrong alias suffix %s, user %s", alias_suffix, user)
return False return False
# SimpleLogin domain case: # SimpleLogin domain case:
@ -365,17 +365,17 @@ def verify_prefix_suffix(user: User, alias_prefix, alias_suffix) -> bool:
): ):
if not alias_domain_prefix.startswith("."): if not alias_domain_prefix.startswith("."):
LOG.exception("User %s submits a wrong alias suffix %s", user, alias_suffix) LOG.e("User %s submits a wrong alias suffix %s", user, alias_suffix)
return False return False
else: else:
if alias_domain not in user_custom_domains: if alias_domain not in user_custom_domains:
LOG.exception("wrong alias suffix %s, user %s", alias_suffix, user) LOG.e("wrong alias suffix %s, user %s", alias_suffix, user)
return False return False
if alias_domain not in user.available_sl_domains(): if alias_domain not in user.available_sl_domains():
LOG.exception("wrong alias suffix %s, user %s", alias_suffix, user) LOG.e("wrong alias suffix %s, user %s", alias_suffix, user)
return False return False
return True return True

@ -88,43 +88,6 @@ def custom_domain():,,
) )
) )
elif request.form.get("form-name") == "update":
domain_id = request.form.get("domain-id")
domain = CustomDomain.get(domain_id)
if not domain or domain.user_id !=
flash("Unknown error. Refresh the page", "warning")
return redirect(url_for("dashboard.custom_domain"))
mailbox_ids = request.form.getlist("mailbox_ids")
# check if mailbox is not tempered with
mailboxes = []
for mailbox_id in mailbox_ids:
mailbox = Mailbox.get(mailbox_id)
if (
not mailbox
or mailbox.user_id !=
or not mailbox.verified
flash("Something went wrong, please retry", "warning")
return redirect(url_for("dashboard.custom_domain"))
if not mailboxes:
flash("You must select at least 1 mailbox", "warning")
return redirect(url_for("dashboard.custom_domain"))
# first remove all existing domain-mailboxes links
for mailbox in mailboxes:
flash(f"Domain {domain.domain} has been updated", "success")
return redirect(url_for("dashboard.custom_domain"))
return render_template( return render_template(
"dashboard/custom_domain.html", "dashboard/custom_domain.html",

@ -1,7 +1,10 @@
import re2 as re
from threading import Thread from threading import Thread
from flask import render_template, request, redirect, url_for, flash from flask import render_template, request, redirect, url_for, flash
from flask_login import login_required, current_user from flask_login import login_required, current_user
from flask_wtf import FlaskForm
from wtforms import StringField, validators, IntegerField
from app.dashboard.base import dashboard_bp from app.dashboard.base import dashboard_bp
@ -14,29 +17,65 @@ from app.dns_utils import (
from app.email_utils import send_email from app.email_utils import send_email
from app.extensions import db from app.extensions import db
from app.log import LOG from app.log import LOG
from app.models import CustomDomain, Alias, DomainDeletedAlias from app.models import (
from app.utils import random_string
@dashboard_bp.route("/domains/<int:custom_domain_id>/dns", methods=["GET", "POST"]) @dashboard_bp.route("/domains/<int:custom_domain_id>/dns", methods=["GET", "POST"])
@login_required @login_required
def domain_detail_dns(custom_domain_id): def domain_detail_dns(custom_domain_id):
custom_domain = CustomDomain.get(custom_domain_id) custom_domain: CustomDomain = CustomDomain.get(custom_domain_id)
if not custom_domain or custom_domain.user_id != if not custom_domain or custom_domain.user_id !=
flash("You cannot see this page", "warning") flash("You cannot see this page", "warning")
return redirect(url_for("dashboard.index")) return redirect(url_for("dashboard.index"))
spf_record = f"v=spf1 include:{EMAIL_DOMAIN} -all" # generate a domain ownership txt token if needed
if not custom_domain.ownership_verified and not custom_domain.ownership_txt_token:
custom_domain.ownership_txt_token = random_string(30)
spf_record = f"v=spf1 include:{EMAIL_DOMAIN} ~all"
# hardcode the DKIM selector here # hardcode the DKIM selector here
dkim_cname = f"dkim._domainkey.{EMAIL_DOMAIN}" dkim_cname = f"dkim._domainkey.{EMAIL_DOMAIN}"
dmarc_record = "v=DMARC1; p=quarantine; pct=100; adkim=s; aspf=s" dmarc_record = "v=DMARC1; p=quarantine; pct=100; adkim=s; aspf=s"
mx_ok = spf_ok = dkim_ok = dmarc_ok = True mx_ok = spf_ok = dkim_ok = dmarc_ok = ownership_ok = True
mx_errors = spf_errors = dkim_errors = dmarc_errors = [] mx_errors = spf_errors = dkim_errors = dmarc_errors = ownership_errors = []
if request.method == "POST": if request.method == "POST":
if request.form.get("form-name") == "check-mx": if request.form.get("form-name") == "check-ownership":
txt_records = get_txt_record(custom_domain.domain)
if custom_domain.get_ownership_dns_txt_value() in txt_records:
"Domain ownership is verified. Please proceed to the other records setup",
custom_domain.ownership_verified = True
return redirect(
flash("We can't find the needed TXT record", "error")
ownership_ok = False
ownership_errors = txt_records
elif request.form.get("form-name") == "check-mx":
mx_domains = get_mx_domains(custom_domain.domain) mx_domains = get_mx_domains(custom_domain.domain)
if sorted(mx_domains) != sorted(EMAIL_SERVERS_WITH_PRIORITY): if sorted(mx_domains) != sorted(EMAIL_SERVERS_WITH_PRIORITY):
@ -130,7 +169,9 @@ def domain_detail_dns(custom_domain_id):
@dashboard_bp.route("/domains/<int:custom_domain_id>/info", methods=["GET", "POST"]) @dashboard_bp.route("/domains/<int:custom_domain_id>/info", methods=["GET", "POST"])
@login_required @login_required
def domain_detail(custom_domain_id): def domain_detail(custom_domain_id):
custom_domain = CustomDomain.get(custom_domain_id) custom_domain: CustomDomain = CustomDomain.get(custom_domain_id)
mailboxes = current_user.mailboxes()
if not custom_domain or custom_domain.user_id != if not custom_domain or custom_domain.user_id !=
flash("You cannot see this page", "warning") flash("You cannot see this page", "warning")
return redirect(url_for("dashboard.index")) return redirect(url_for("dashboard.index"))
@ -191,6 +232,47 @@ def domain_detail(custom_domain_id):
return redirect( return redirect(
url_for("dashboard.domain_detail", url_for("dashboard.domain_detail",
) )
elif request.form.get("form-name") == "update":
mailbox_ids = request.form.getlist("mailbox_ids")
# check if mailbox is not tempered with
mailboxes = []
for mailbox_id in mailbox_ids:
mailbox = Mailbox.get(mailbox_id)
if (
not mailbox
or mailbox.user_id !=
or not mailbox.verified
flash("Something went wrong, please retry", "warning")
return redirect(
if not mailboxes:
flash("You must select at least 1 mailbox", "warning")
return redirect(
# first remove all existing domain-mailboxes links
for mailbox in mailboxes:
flash(f"{custom_domain.domain} mailboxes has been updated", "success")
return redirect(
elif request.form.get("form-name") == "delete": elif request.form.get("form-name") == "delete":
name = custom_domain.domain name = custom_domain.domain
LOG.d("Schedule deleting %s", custom_domain) LOG.d("Schedule deleting %s", custom_domain)
@ -208,7 +290,7 @@ def domain_detail(custom_domain_id):
return render_template("dashboard/domain_detail/info.html", **locals()) return render_template("dashboard/domain_detail/info.html", **locals())
def delete_domain(custom_domain_id: CustomDomain): def delete_domain(custom_domain_id: int):
from server import create_light_app from server import create_light_app
with create_light_app().app_context(): with create_light_app().app_context():
@ -288,3 +370,167 @@ def domain_detail_trash(custom_domain_id):
domain_deleted_aliases=domain_deleted_aliases, domain_deleted_aliases=domain_deleted_aliases,
custom_domain=custom_domain, custom_domain=custom_domain,
) )
class AutoCreateRuleForm(FlaskForm):
regex = StringField(
"regex", validators=[validators.DataRequired(), validators.Length(max=128)]
order = IntegerField(
validators=[validators.DataRequired(), validators.NumberRange(min=0, max=100)],
class AutoCreateTestForm(FlaskForm):
local = StringField(
"local part", validators=[validators.DataRequired(), validators.Length(max=128)]
"/domains/<int:custom_domain_id>/auto-create", methods=["GET", "POST"]
def domain_detail_auto_create(custom_domain_id):
custom_domain: CustomDomain = CustomDomain.get(custom_domain_id)
mailboxes = current_user.mailboxes()
new_auto_create_rule_form = AutoCreateRuleForm()
auto_create_test_form = AutoCreateTestForm()
auto_create_test_local, auto_create_test_result, auto_create_test_passed = (
if not custom_domain or custom_domain.user_id !=
flash("You cannot see this page", "warning")
return redirect(url_for("dashboard.index"))
if request.method == "POST":
if request.form.get("form-name") == "create-auto-create-rule":
if new_auto_create_rule_form.validate():
# make sure order isn't used before
for auto_create_rule in custom_domain.auto_create_rules:
auto_create_rule: AutoCreateRule
if auto_create_rule.order == int(
"Another rule with the same order already exists", "error"
mailbox_ids = request.form.getlist("mailbox_ids")
# check if mailbox is not tempered with
mailboxes = []
for mailbox_id in mailbox_ids:
mailbox = Mailbox.get(mailbox_id)
if (
not mailbox
or mailbox.user_id !=
or not mailbox.verified
flash("Something went wrong, please retry", "warning")
return redirect(
if not mailboxes:
flash("You must select at least 1 mailbox", "warning")
return redirect(
f"Invalid regex {}",
return redirect(
rule = AutoCreateRule.create(,
for mailbox in mailboxes:
flash("New auto create rule has been created", "success")
return redirect(
elif request.form.get("form-name") == "delete-auto-create-rule":
rule_id = request.form.get("rule-id")
rule: AutoCreateRule = AutoCreateRule.get(int(rule_id))
if not rule or rule.custom_domain_id !=
flash("Something wrong, please retry", "error")
return redirect(
rule_order = rule.order
flash(f"Rule #{rule_order} has been deleted", "success")
return redirect(
elif request.form.get("form-name") == "test-auto-create-rule":
if auto_create_test_form.validate():
local =
auto_create_test_local = local
for rule in custom_domain.auto_create_rules:
rule: AutoCreateRule
regex = re.compile(rule.regex)
if re.fullmatch(regex, local):
auto_create_test_result = (
f"{local}@{custom_domain.domain} passes rule #{rule.order}"
auto_create_test_passed = True
else: # no rule passes
auto_create_test_result = (
f"{local}@{custom_domain.domain} doesn't pass any rule"
return render_template(
"dashboard/domain_detail/auto-create.html", **locals()
return render_template("dashboard/domain_detail/auto-create.html", **locals())

@ -30,10 +30,10 @@ def enter_sudo():
# User comes to sudo page from another page # User comes to sudo page from another page
next_url = request.args.get("next") next_url = request.args.get("next")
if next_url: if next_url:
LOG.debug("redirect user to %s", next_url) LOG.d("redirect user to %s", next_url)
return redirect(next_url) return redirect(next_url)
else: else:
LOG.debug("redirect user to dashboard") LOG.d("redirect user to dashboard")
return redirect(url_for("dashboard.index")) return redirect(url_for("dashboard.index"))
else: else:
flash("Incorrect password", "warning") flash("Incorrect password", "warning")

@ -55,7 +55,7 @@ def fido_setup():
try: try:
fido_credential = fido_reg_response.verify() fido_credential = fido_reg_response.verify()
except Exception as e: except Exception as e:
LOG.warning(f"An error occurred in WebAuthn registration process: {e}") LOG.w(f"An error occurred in WebAuthn registration process: {e}")
flash("Key registration failed.", "warning") flash("Key registration failed.", "warning")
return redirect(url_for("dashboard.index")) return redirect(url_for("dashboard.index"))

@ -4,7 +4,7 @@ from flask import render_template, request, redirect, url_for, flash
from flask_login import login_required, current_user from flask_login import login_required, current_user
from app import alias_utils from app import alias_utils
from app.api.serializer import get_alias_infos_with_pagination_v3 from app.api.serializer import get_alias_infos_with_pagination_v3, get_alias_info_v3
from app.config import PAGE_LIMIT, ALIAS_LIMIT from app.config import PAGE_LIMIT, ALIAS_LIMIT
from app.dashboard.base import dashboard_bp from app.dashboard.base import dashboard_bp
from app.extensions import db, limiter from app.extensions import db, limiter
@ -69,7 +69,7 @@ def index():
try: try:
highlight_alias_id = int(request.args.get("highlight_alias_id")) highlight_alias_id = int(request.args.get("highlight_alias_id"))
except ValueError: except ValueError:
LOG.warning( LOG.w(
"highlight_alias_id must be a number, received %s", "highlight_alias_id must be a number, received %s",
request.args.get("highlight_alias_id"), request.args.get("highlight_alias_id"),
) )
@ -150,11 +150,29 @@ def index():
stats = get_stats(current_user) stats = get_stats(current_user)
mailbox_id = None
if alias_filter and alias_filter.startswith("mailbox:"):
mailbox_id = int(alias_filter[len("mailbox:") :])
directory_id = None
if alias_filter and alias_filter.startswith("directory:"):
directory_id = int(alias_filter[len("directory:") :])
alias_infos = get_alias_infos_with_pagination_v3( alias_infos = get_alias_infos_with_pagination_v3(
current_user, page, query, sort, alias_filter current_user, page, query, sort, alias_filter, mailbox_id, directory_id
) )
last_page = len(alias_infos) < PAGE_LIMIT last_page = len(alias_infos) < PAGE_LIMIT
# add highlighted alias in case it's not included
if highlight_alias_id and highlight_alias_id not in [ for alias_info in alias_infos
highlight_alias_info = get_alias_info_v3(
current_user, alias_id=highlight_alias_id
if highlight_alias_info:
alias_infos.insert(0, highlight_alias_info)
return render_template( return render_template(
"dashboard/index.html", "dashboard/index.html",
alias_infos=alias_infos, alias_infos=alias_infos,

@ -1,3 +1,5 @@
from threading import Thread
from flask import render_template, request, redirect, url_for, flash from flask import render_template, request, redirect, url_for, flash
from flask_login import login_required, current_user from flask_login import login_required, current_user
from flask_wtf import FlaskForm from flask_wtf import FlaskForm
@ -49,10 +51,13 @@ def mailbox_route():
flash("You cannot delete default mailbox", "error") flash("You cannot delete default mailbox", "error")
return redirect(url_for("dashboard.mailbox_route")) return redirect(url_for("dashboard.mailbox_route"))
email = LOG.d("Schedule deleting %s", mailbox)
Mailbox.delete(mailbox_id) Thread(target=delete_mailbox, args=(,)).start()
db.session.commit() flash(
flash(f"Mailbox {email} has been deleted", "success") f"Mailbox {} scheduled for deletion."
f"You will receive a confirmation email when the deletion is finished",
return redirect(url_for("dashboard.mailbox_route")) return redirect(url_for("dashboard.mailbox_route"))
if request.form.get("form-name") == "set-default": if request.form.get("form-name") == "set-default":
@ -119,6 +124,32 @@ def mailbox_route():
) )
def delete_mailbox(mailbox_id: int):
from server import create_light_app
with create_light_app().app_context():
mailbox = Mailbox.get(mailbox_id)
if not mailbox:
mailbox_email =
user = mailbox.user
LOG.d("Mailbox %s %s deleted", mailbox_id, mailbox_email)
f"Your mailbox {mailbox_email} has been deleted",
f"""Mailbox {mailbox_email} along with its aliases are deleted successfully.
SimpleLogin team.
def send_verification_email(user, mailbox): def send_verification_email(user, mailbox):
mailbox_id_signed = s.sign(str( mailbox_id_signed = s.sign(str(

@ -251,18 +251,24 @@ def cancel_mailbox_change_route(mailbox_id):
@dashboard_bp.route("/mailbox/confirm_change") @dashboard_bp.route("/mailbox/confirm_change")
def mailbox_confirm_change_route(): def mailbox_confirm_change_route():
mailbox_id = request.args.get("mailbox_id") signed_mailbox_id = request.args.get("mailbox_id")
try: try:
r_id = int(s.unsign(mailbox_id)) mailbox_id = int(s.unsign(signed_mailbox_id))
except Exception: except Exception:
flash("Invalid link", "error") flash("Invalid link", "error")
return redirect(url_for("dashboard.index")) return redirect(url_for("dashboard.index"))
else: else:
mailbox = Mailbox.get(r_id) mailbox = Mailbox.get(mailbox_id)
# new_email can be None if user cancels change in the meantime # new_email can be None if user cancels change in the meantime
if mailbox and mailbox.new_email: if mailbox and mailbox.new_email:
if Mailbox.get_by(email=mailbox.new_email):
flash(f"{mailbox.new_email} is already used", "error")
return redirect(
) = mailbox.new_email = mailbox.new_email
mailbox.new_email = None mailbox.new_email = None

@ -12,6 +12,7 @@ from app.config import (
) )
from app.dashboard.base import dashboard_bp from app.dashboard.base import dashboard_bp
from app.log import LOG from app.log import LOG
from app.models import AppleSubscription
@dashboard_bp.route("/pricing", methods=["GET", "POST"]) @dashboard_bp.route("/pricing", methods=["GET", "POST"])
@ -21,6 +22,10 @@ def pricing():
flash("You are already a premium user", "warning") flash("You are already a premium user", "warning")
return redirect(url_for("dashboard.index")) return redirect(url_for("dashboard.index"))
apple_sub: AppleSubscription = AppleSubscription.get_by(
if apple_sub and apple_sub.is_valid():
flash("Please make sure to cancel your subscription on Apple first", "warning")
return render_template( return render_template(
"dashboard/pricing.html", "dashboard/pricing.html",

@ -1,4 +1,4 @@
import re import re2 as re
from flask import render_template, request, flash, redirect, url_for from flask import render_template, request, flash, redirect, url_for
from flask_login import login_required, current_user from flask_login import login_required, current_user

@ -15,7 +15,7 @@ def refused_email_route():
try: try:
highlight_id = int(highlight_id) highlight_id = int(highlight_id)
except ValueError: except ValueError:
LOG.warning("Cannot parse highlight_id %s", highlight_id) LOG.w("Cannot parse highlight_id %s", highlight_id)
highlight_id = None highlight_id = None
email_logs: [EmailLog] = ( email_logs: [EmailLog] = (

@ -105,7 +105,7 @@ def setting():
other_email_change: EmailChange = EmailChange.get_by( other_email_change: EmailChange = EmailChange.get_by(
new_email=new_email new_email=new_email
) )
LOG.warning( LOG.w(
"Another user has a pending %s with the same email address. Current user:%s", "Another user has a pending %s with the same email address. Current user:%s",
other_email_change, other_email_change,
current_user, current_user,
@ -193,7 +193,7 @@ def setting():
return redirect(url_for("dashboard.setting")) return redirect(url_for("dashboard.setting"))
# Schedule delete account job # Schedule delete account job
LOG.warning("schedule delete account job for %s", current_user) LOG.w("schedule delete account job for %s", current_user)
Job.create( Job.create(
payload={"user_id":}, payload={"user_id":},
@ -236,7 +236,7 @@ def setting():
custom_domain.user_id != custom_domain.user_id !=
or not custom_domain.verified or not custom_domain.verified
): ):
LOG.exception( LOG.e(
"%s cannot use domain %s", current_user, default_domain "%s cannot use domain %s", current_user, default_domain
) )
else: else:
@ -300,6 +300,15 @@ def setting():
db.session.commit() db.session.commit()
flash("Your preference has been updated", "success") flash("Your preference has been updated", "success")
return redirect(url_for("dashboard.setting")) return redirect(url_for("dashboard.setting"))
elif request.form.get("form-name") == "ignore-loop-email":
choose = request.form.get("enable")
if choose == "on":
current_user.ignore_loop_email = True
current_user.ignore_loop_email = False
flash("Your preference has been updated", "success")
return redirect(url_for("dashboard.setting"))
elif request.form.get("form-name") == "export-data": elif request.form.get("form-name") == "export-data":
return redirect(url_for("api.export_data")) return redirect(url_for("api.export_data"))

@ -59,5 +59,5 @@ def get_spam_score(
return get_spam_score(message, email_log, can_retry=False) return get_spam_score(message, email_log, can_retry=False)
else: else:
# return a negative score so the message is always considered as ham # return a negative score so the message is always considered as ham
LOG.exception("SpamAssassin exception, ignore spam check") LOG.e("SpamAssassin exception, ignore spam check")
return -999, None return -999, None

@ -11,6 +11,12 @@ E206 = "250 SL E206 Out of office"
# if mail_from is a IgnoreBounceSender, no need to send back a bounce report # if mail_from is a IgnoreBounceSender, no need to send back a bounce report
E207 = "250 SL E207 No bounce report" E207 = "250 SL E207 No bounce report"
E208 = "250 SL E208 Hotmail complaint handled"
E209 = "250 SL E209 Email Loop"
E210 = "250 SL E210 Yahoo complaint handled"
# 4** errors # 4** errors
# E401 = "421 SL E401 Retry later" # E401 = "421 SL E401 Retry later"
E402 = "421 SL E402 Encryption failed - Retry later" E402 = "421 SL E402 Encryption failed - Retry later"
@ -45,3 +51,4 @@ E522 = (
"550 SL E522 The user you are trying to contact is receiving mail " "550 SL E522 The user you are trying to contact is receiving mail "
"at a rate that prevents additional messages from being delivered." "at a rate that prevents additional messages from being delivered."
) )
E523 = "550 SL E523 Unknown error"

@ -1,26 +1,33 @@
import base64 import base64
import email
import enum import enum
import os import os
import quopri import quopri
import random import random
import re
import time import time
from email.errors import HeaderParseError import uuid
from email.header import decode_header from copy import deepcopy
from email import policy, message_from_bytes, message_from_string
from email.header import decode_header, Header
from email.message import Message from email.message import Message
from email.mime.multipart import MIMEMultipart from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText from email.mime.text import MIMEText
from email.utils import make_msgid, formatdate, parseaddr from email.utils import make_msgid, formatdate
from smtplib import SMTP, SMTPServerDisconnected from smtplib import SMTP, SMTPServerDisconnected, SMTPException
from typing import Tuple, List, Optional from typing import Tuple, List, Optional, Union
import arrow import arrow
import dkim import dkim
import re2 as re
import spf import spf
from email_validator import (
from flanker.addresslib import address
from flanker.addresslib.address import EmailAddress
from jinja2 import Environment, FileSystemLoader from jinja2 import Environment, FileSystemLoader
from sqlalchemy import func from sqlalchemy import func
from validate_email import validate_email
from app.config import ( from app.config import (
@ -29,7 +36,6 @@ from app.config import (
@ -44,6 +50,8 @@ from app.config import (
) )
from app.dns_utils import get_mx_domains from app.dns_utils import get_mx_domains
from app.extensions import db from app.extensions import db
@ -290,8 +298,6 @@ def send_email(
msg_raw = to_bytes(msg) msg_raw = to_bytes(msg)
transaction = TransactionalEmail.get_by(email=to_email)
if not transaction:
transaction = TransactionalEmail.create(email=to_email, commit=True) transaction = TransactionalEmail.create(email=to_email, commit=True)
# use a different envelope sender for each transactional email (aka VERP) # use a different envelope sender for each transactional email (aka VERP)
@ -307,6 +313,7 @@ def send_email_with_rate_control(
html=None, html=None,
max_nb_alert=MAX_ALERT_24H, max_nb_alert=MAX_ALERT_24H,
nb_day=1, nb_day=1,
) -> bool: ) -> bool:
"""Same as send_email with rate control over alert_type. """Same as send_email with rate control over alert_type.
Make sure no more than `max_nb_alert` emails are sent over the period of `nb_day` days Make sure no more than `max_nb_alert` emails are sent over the period of `nb_day` days
@ -322,7 +329,7 @@ def send_email_with_rate_control(
) )
if nb_alert >= max_nb_alert: if nb_alert >= max_nb_alert:
LOG.warning( LOG.w(
"%s emails were sent to %s in the last %s days, alert type %s", "%s emails were sent to %s in the last %s days, alert type %s",
nb_alert, nb_alert,
to_email, to_email,
@ -333,7 +340,15 @@ def send_email_with_rate_control(
SentAlert.create(, alert_type=alert_type, to_email=to_email) SentAlert.create(, alert_type=alert_type, to_email=to_email)
db.session.commit() db.session.commit()
if ignore_smtp_error:
send_email(to_email, subject, plaintext, html) send_email(to_email, subject, plaintext, html)
except SMTPException:
LOG.w("Cannot send email to %s, subject %s", to_email, subject)
send_email(to_email, subject, plaintext, html)
return True return True
@ -358,7 +373,7 @@ def send_email_at_most_times(
).count() ).count()
if nb_alert >= max_times: if nb_alert >= max_times:
LOG.warning( LOG.w(
"%s emails were sent to %s alert type %s", "%s emails were sent to %s alert type %s",
nb_alert, nb_alert,
to_email, to_email,
@ -376,8 +391,12 @@ def get_email_local_part(address) -> str:
""" """
Get the local part from email Get the local part from email -> ab -> ab
Convert the local part to lowercase
""" """
return address[: address.find("@")] r: ValidatedEmail = validate_email(
address, check_deliverability=False, allow_smtputf8=False
return r.local_part.lower()
def get_email_domain_part(address): def get_email_domain_part(address):
@ -389,7 +408,39 @@ def get_email_domain_part(address):
return address[address.find("@") + 1 :] return address[address.find("@") + 1 :]
# headers used to DKIM sign in order of preference
[b"Message-ID", b"Date", b"Subject", b"From", b"To"],
[b"From", b"To"],
[b"Message-ID", b"Date"],
def add_dkim_signature(msg: Message, email_domain: str): def add_dkim_signature(msg: Message, email_domain: str):
for dkim_headers in _DKIM_HEADERS:
add_dkim_signature_with_header(msg, email_domain, dkim_headers)
except dkim.DKIMException:
LOG.w("DKIM fail with %s", dkim_headers, exc_info=True)
# try with another headers
# To investigate why some emails can't be DKIM signed. todo: remove
file_name = str(uuid.uuid4()) + ".eml"
with open(os.path.join(TEMP_DIR, file_name), "wb") as f:
LOG.w("email saved to %s", file_name)
raise Exception("Cannot create DKIM signature")
def add_dkim_signature_with_header(
msg: Message, email_domain: str, dkim_headers: [bytes]
delete_header(msg, "DKIM-Signature") delete_header(msg, "DKIM-Signature")
# Specify headers in "byte" form # Specify headers in "byte" form
email_domain.encode(), email_domain.encode(),
include_headers=DKIM_HEADERS, include_headers=dkim_headers,
) )
sig = sig.decode() sig = sig.decode()
del msg._headers[i] del msg._headers[i]
def can_create_directory_for_address(address: str) -> bool: def can_create_directory_for_address(email_address: str) -> bool:
"""return True if an email ends with one of the alias domains provided by SimpleLogin""" """return True if an email ends with one of the alias domains provided by SimpleLogin"""
# not allow creating directory with premium domain # not allow creating directory with premium domain
for domain in ALIAS_DOMAINS: for domain in ALIAS_DOMAINS:
if address.endswith("@" + domain): if email_address.endswith("@" + domain):
return True return True
return False return False
def is_valid_alias_address_domain(address) -> bool: def is_valid_alias_address_domain(email_address) -> bool:
"""Return whether an address domain might a domain handled by SimpleLogin""" """Return whether an address domain might a domain handled by SimpleLogin"""
domain = get_email_domain_part(address) domain = get_email_domain_part(email_address)
if SLDomain.get_by(domain=domain): if SLDomain.get_by(domain=domain):
return True return True
return False return False
def email_can_be_used_as_mailbox(email: str) -> bool: def email_can_be_used_as_mailbox(email_address: str) -> bool:
"""Return True if an email can be used as a personal email. """Return True if an email can be used as a personal email.
Use the email domain as criteria. A domain can be used if it is not: Use the email domain as criteria. A domain can be used if it is not:
@ -478,7 +529,13 @@ def email_can_be_used_as_mailbox(email: str) -> bool:
- one of custom domains - one of custom domains
- a disposable domain - a disposable domain
""" """
domain = get_email_domain_part(email) try:
domain = validate_email(
email_address, check_deliverability=False, allow_smtputf8=False
except EmailNotValidError:
return False
if not domain: if not domain:
return False return False
return [d[:-1] for _, d in priority_domains] return [d[:-1] for _, d in priority_domains]
def personal_email_already_used(email: str) -> bool: def personal_email_already_used(email_address: str) -> bool:
"""test if an email can be used as user email""" """test if an email can be used as user email"""
if User.get_by(email=email): if User.get_by(email=email_address):
return True return True
return False return False
@ -566,6 +623,30 @@ def get_orig_message_from_bounce(msg: Message) -> Message:
return part return part
def get_orig_message_from_hotmail_complaint(msg: Message) -> Message:
i = 0
for part in msg.walk():
i += 1
# 1st part is the container
# 2nd part is the empty body
# 3rd is original message
return part
def get_orig_message_from_yahoo_complaint(msg: Message) -> Message:
i = 0
for part in msg.walk():
i += 1
def get_header_from_bounce(msg: Message, header: str) -> str: def get_header_from_bounce(msg: Message, header: str) -> str:
"""using regex to get header value from bounce message """using regex to get header value from bounce message
get_orig_message_from_bounce is better. This should be the last option get_orig_message_from_bounce is better. This should be the last option
@ -631,77 +712,53 @@ def get_spam_from_header(spam_status_header, max_score=None) -> (bool, str):
) )
score = float(score_section[len("score=") :]) score = float(score_section[len("score=") :])
if score >= max_score: if score >= max_score:
LOG.warning("Spam score %s exceeds %s", score, max_score) LOG.w("Spam score %s exceeds %s", score, max_score)
return True, spam_status_header return True, spam_status_header
return spamassassin_answer.lower() == "yes", spam_status_header return spamassassin_answer.lower() == "yes", spam_status_header
def get_header_unicode(header: str) -> str: def get_header_unicode(header: Union[str, Header]) -> str:
Convert a header to unicode
Should be used to handle headers like From:, To:, CC:, Subject:
return "" return ""
decoded_string, charset = decode_header(header)[0] ret = ""
if charset is not None: for to_decoded_str, charset in decode_header(header):
try: if charset is None:
return decoded_string.decode(charset) if type(to_decoded_str) is bytes:
except UnicodeDecodeError: decoded_str = to_decoded_str.decode()
LOG.warning("Cannot decode header %s", header)
except LookupError: # charset is unknown
LOG.warning("Cannot decode %s with %s, use utf-8", decoded_string, charset)
return decoded_string.decode("utf-8")
except UnicodeDecodeError:
LOG.warning("Cannot UTF-8 decode %s", decoded_string)
return decoded_string.decode("utf-8", errors="replace")
return header
def parseaddr_unicode(addr) -> (str, str):
"""Like parseaddr() but return name in unicode instead of in RFC 2047 format
Should be used instead of parseaddr()
'=?UTF-8?B?TmjGoW4gTmd1eeG7hW4=?= <>' -> ('Nhơn Nguyễn', "")
# sometimes linebreaks are present in addr
addr = addr.replace("\n", "").strip()
name, email = parseaddr(addr)
# email can have whitespace so we can't remove whitespace here
email = email.strip().lower()
name = name.strip()
decoded_string, charset = decode_header(name)[0]
except HeaderParseError: # fail in case
LOG.warning("Can't decode name %s", name)
else: else:
name = decoded_string.decode(charset)
except UnicodeDecodeError:
LOG.warning("Cannot decode addr name %s", name)
name = ""
except LookupError: # charset is unknown
"Cannot decode %s with %s, use utf-8", decoded_string, charset
name = decoded_string.decode("utf-8")
name = decoded_string try:
decoded_str = to_decoded_str.decode(charset)
except (LookupError, UnicodeDecodeError): # charset is unknown
LOG.w("Cannot decode %s with %s, try utf-8", to_decoded_str, charset)
decoded_str = to_decoded_str.decode("utf-8")
except UnicodeDecodeError:
LOG.w("Cannot UTF-8 decode %s", to_decoded_str)
decoded_str = to_decoded_str.decode("utf-8", errors="replace")
ret += decoded_str
if type(name) == bytes: return ret
name = name.decode()
return name, email
def copy(msg: Message) -> Message: def copy(msg: Message) -> Message:
"""return a copy of message""" """return a copy of message"""
try: try:
# prefer the unicode way return deepcopy(msg)
return email.message_from_string(msg.as_string()) except Exception:
LOG.w("deepcopy fails, try string parsing")
return message_from_string(msg.as_string())
except (UnicodeEncodeError, KeyError, LookupError): except (UnicodeEncodeError, KeyError, LookupError):
LOG.warning("as_string() fails, try to_bytes") LOG.w("as_string() fails, try bytes parsing")
return email.message_from_bytes(to_bytes(msg)) return message_from_bytes(to_bytes(msg))
def to_bytes(msg: Message): def to_bytes(msg: Message):
try: try:
return msg.as_bytes() return msg.as_bytes()
except UnicodeEncodeError: except UnicodeEncodeError:
LOG.warning("as_bytes fails with default policy, try SMTP policy") LOG.w("as_bytes fails with default policy, try SMTP policy")
try: try:
return msg.as_bytes(policy=email.policy.SMTP) return msg.as_bytes(policy=policy.SMTP)
except UnicodeEncodeError: except UnicodeEncodeError:
LOG.warning("as_bytes fails with SMTP policy, try SMTPUTF8 policy") LOG.w("as_bytes fails with SMTP policy, try SMTPUTF8 policy")
try: try:
return msg.as_bytes(policy=email.policy.SMTPUTF8) return msg.as_bytes(policy=policy.SMTPUTF8)
except UnicodeEncodeError: except UnicodeEncodeError:
msg_string = msg.as_string() msg_string = msg.as_string()
try: try:
return msg_string.encode() return msg_string.encode()
@ -740,10 +795,16 @@ def should_add_dkim_signature(domain: str) -> bool:
def is_valid_email(email_address: str) -> bool: def is_valid_email(email_address: str) -> bool:
"""Used to check whether an email address is valid""" """
return validate_email( Used to check whether an email address is valid
email_address=email_address, check_mx=False, use_blacklist=False NOT run MX check.
) NOT allow unicode.
validate_email(email_address, check_deliverability=False, allow_smtputf8=False)
return True
except EmailNotValidError:
return False
class EmailEncoding(enum.Enum): class EmailEncoding(enum.Enum):
@ -773,7 +834,7 @@ def get_encoding(msg: Message) -> EmailEncoding:
if cte in ("",): if cte in ("",):
return EmailEncoding.NO return EmailEncoding.NO
return EmailEncoding.NO return EmailEncoding.NO
@ -870,6 +931,7 @@ def replace(msg: Message, old, new) -> Message:
or content_type == "text/calendar" or content_type == "text/calendar"
or content_type == "text/directory" or content_type == "text/directory"
or content_type == "text/csv" or content_type == "text/csv"
or content_type == "text/x-python-script"
): ):
LOG.d("not applicable for %s", content_type) LOG.d("not applicable for %s", content_type)
return msg return msg
@ -898,7 +960,7 @@ def replace(msg: Message, old, new) -> Message:
clone_msg.set_payload(new_parts) clone_msg.set_payload(new_parts)
return clone_msg return clone_msg
return msg return msg
@ -974,7 +1036,10 @@ def should_disable(alias: Alias) -> bool:
"""Disable an alias if it has too many bounces recently""" """Disable an alias if it has too many bounces recently"""
# Bypass the bounce rule # Bypass the bounce rule
if alias.cannot_be_disabled: if alias.cannot_be_disabled:
LOG.warning("%s cannot be disabled", alias) LOG.w("%s cannot be disabled", alias)
return False
return False return False
yesterday = yesterday =
@ -1008,7 +1073,7 @@ def should_disable(alias: Alias) -> bool:
.count() .count()
) )
if nb_bounced_7d_1d > 1: if nb_bounced_7d_1d > 1:
"more than 5 bounces in the last 24h and more than 1 bounces in the last 7 days, " "more than 5 bounces in the last 24h and more than 1 bounces in the last 7 days, "
"disable alias %s", "disable alias %s",
alias, alias,
@ -1088,7 +1153,7 @@ def spf_pass(
try: try:
r = spf.check2(i=ip, s=envelope.mail_from, h=None) r = spf.check2(i=ip, s=envelope.mail_from, h=None)
except Exception: except Exception:
else: else:
# TODO: Handle temperr case (e.g. dns timeout) # TODO: Handle temperr case (e.g. dns timeout)
# only an absolute pass, or no SPF policy at all is 'valid' # only an absolute pass, or no SPF policy at all is 'valid'
@ -1222,3 +1287,17 @@ def should_ignore_bounce(mail_from: str) -> bool:
return True return True
return False return False
def parse_full_address(full_address) -> (str, str):
parse the email address full format and return the display name and address
For ex: ab <> -> (ab,
'=?UTF-8?B?TmjGoW4gTmd1eeG7hW4=?= <>' -> ('Nhơn Nguyễn', "")
If the parsing fails, raise ValueError
full_address: EmailAddress = address.parse(full_address)
if full_address is None:
raise ValueError
return full_address.display_name, full_address.address

@ -25,7 +25,7 @@ def handle_batch_import(batch_import: BatchImport):
batch_import.processed = True batch_import.processed = True
db.session.commit() db.session.commit()
file_url = s3.get_url(batch_import.file.path) file_url = s3.get_url(batch_import.file.path)
LOG.d("Download file %s from %s", batch_import.file, file_url) LOG.d("Download file %s from %s", batch_import.file, file_url)
@ -43,7 +43,7 @@ def import_from_csv(batch_import: BatchImport, user: User, lines):
full_alias = sanitize_email(row["alias"]) full_alias = sanitize_email(row["alias"])
note = row["note"] note = row["note"]
except KeyError: except KeyError:
continue continue
alias_domain = get_email_domain_part(full_alias) alias_domain = get_email_domain_part(full_alias)
@ -54,7 +54,7 @@ def import_from_csv(batch_import: BatchImport, user: User, lines):
or not custom_domain.verified or not custom_domain.verified
or custom_domain.user_id != or custom_domain.user_id !=
): ):
continue continue
if ( if (

View file

try: try:
jwt.JWT(key=_key, jwt=id_token) jwt.JWT(key=_key, jwt=id_token)
except Exception: except Exception:
LOG.exception("id token not verified") LOG.e("id token not verified")
return False return False
else: else:
View file

@ -42,7 +42,7 @@ def _get_console_handler():
return console_handler return console_handler
logger = logging.getLogger(name) logger = logging.getLogger(name)
logger.setLevel(logging.DEBUG) logger.setLevel(logging.DEBUG)

@ -5,10 +5,13 @@ from email.utils import formataddr
from typing import List, Tuple, Optional from typing import List, Tuple, Optional
import arrow import arrow
import sqlalchemy as sa
from arrow import Arrow from arrow import Arrow
from flanker.addresslib import address
from flask import url_for from flask import url_for
from flask_login import UserMixin from flask_login import UserMixin
from sqlalchemy.orm import deferred from sqlalchemy.orm import deferred
from sqlalchemy_utils import ArrowType from sqlalchemy_utils import ArrowType
@ -39,9 +42,6 @@ from app.utils import (
random_word, random_word,
) )
import sqlalchemy as sa
from sqlalchemy.dialects.postgresql import TSVECTOR
@ -83,12 +83,17 @@ class ModelMixin(object):
def create(cls, **kw): def create(cls, **kw):
# whether should call db.session.commit # whether should call db.session.commit
commit = kw.pop("commit", False) commit = kw.pop("commit", False)
flush = kw.pop("flush", False)
r = cls(**kw) r = cls(**kw)
db.session.add(r) db.session.add(r)
if commit: if commit:
db.session.commit() db.session.commit()
if flush:
return r return r
def save(self): def save(self):
@ -160,9 +165,7 @@ class PlanEnum(EnumE):
# Specify the format for sender address # Specify the format for sender address
class SenderFormatEnum(EnumE): class SenderFormatEnum(EnumE):
AT = 0 # John Wick - john at AT = 0 # John Wick - john at
VIA = 1 # via SimpleLogin
A = 2 # John Wick - john(a) A = 2 # John Wick - john(a)
FULL = 3 # John Wick -
class AliasGeneratorEnum(EnumE): class AliasGeneratorEnum(EnumE):
@ -336,6 +339,12 @@ class User(db.Model, ModelMixin, UserMixin, PasswordOracle):
db.Boolean, default=False, nullable=False, server_default="0" db.Boolean, default=False, nullable=False, server_default="0"
) )
# ignore emails send from a mailbox to its alias. This can happen when replying all to a forwarded email
# can automatically re-includes the alias
ignore_loop_email = db.Column(
db.Boolean, default=False, nullable=False, server_default="0"
def create(cls, email, name="", password=None, **kwargs): def create(cls, email, name="", password=None, **kwargs):
user: User = super(User, cls).create(email=email, name=name, **kwargs) user: User = super(User, cls).create(email=email, name=name, **kwargs)
@ -386,7 +395,7 @@ class User(db.Model, ModelMixin, UserMixin, PasswordOracle):
return user return user
def _lifetime_or_active_subscription(self) -> bool: def lifetime_or_active_subscription(self) -> bool:
"""True if user has lifetime licence or active subscription""" """True if user has lifetime licence or active subscription"""
if self.lifetime: if self.lifetime:
return True return True
@ -435,7 +444,7 @@ class User(db.Model, ModelMixin, UserMixin, PasswordOracle):
def in_trial(self): def in_trial(self):
"""return True if user does not have lifetime licence or an active subscription AND is in trial period""" """return True if user does not have lifetime licence or an active subscription AND is in trial period"""
if self._lifetime_or_active_subscription(): if self.lifetime_or_active_subscription():
return False return False
if self.trial_end and < self.trial_end: if self.trial_end and < self.trial_end:
@ -444,7 +453,7 @@ class User(db.Model, ModelMixin, UserMixin, PasswordOracle):
return False return False
def should_show_upgrade_button(self): def should_show_upgrade_button(self):
if self._lifetime_or_active_subscription(): if self.lifetime_or_active_subscription():
# user who has canceled can also re-subscribe # user who has canceled can also re-subscribe
sub: Subscription = self.get_subscription() sub: Subscription = self.get_subscription()
if sub and sub.cancelled: if sub and sub.cancelled:
@ -468,10 +477,6 @@ class User(db.Model, ModelMixin, UserMixin, PasswordOracle):
if sub and not sub.cancelled: if sub and not sub.cancelled:
return False return False
apple_sub: AppleSubscription = AppleSubscription.get_by(
if apple_sub and apple_sub.is_valid():
return False
manual_sub: ManualSubscription = ManualSubscription.get_by( manual_sub: ManualSubscription = ManualSubscription.get_by(
# user who has giveaway premium can decide to upgrade # user who has giveaway premium can decide to upgrade
if manual_sub and manual_sub.is_active() and not manual_sub.is_giveaway: if manual_sub and manual_sub.is_active() and not manual_sub.is_giveaway:
@ -490,7 +495,7 @@ class User(db.Model, ModelMixin, UserMixin, PasswordOracle):
- in trial period or - in trial period or
- active subscription - active subscription
""" """
if self._lifetime_or_active_subscription(): if self.lifetime_or_active_subscription():
return True return True
if self.trial_end and < self.trial_end: if self.trial_end and < self.trial_end:
@ -506,9 +511,9 @@ class User(db.Model, ModelMixin, UserMixin, PasswordOracle):
sub: Subscription = self.get_subscription() sub: Subscription = self.get_subscription()
if sub: if sub:
if sub.cancelled: if sub.cancelled:
return f"Cancelled Paddle Subscription {sub.subscription_id}" return f"Cancelled Paddle Subscription {sub.subscription_id} {sub.plan_name()}"
else: else:
return f"Active Paddle Subscription {sub.subscription_id}" return f"Active Paddle Subscription {sub.subscription_id} {sub.plan_name()}"
apple_sub: AppleSubscription = AppleSubscription.get_by( apple_sub: AppleSubscription = AppleSubscription.get_by(
if apple_sub and apple_sub.is_valid(): if apple_sub and apple_sub.is_valid():
@ -582,7 +587,7 @@ class User(db.Model, ModelMixin, UserMixin, PasswordOracle):
Whether user can create a new alias. User can't create a new alias if Whether user can create a new alias. User can't create a new alias if
- has more than 15 aliases in the free plan, *even in the free trial* - has more than 15 aliases in the free plan, *even in the free trial*
""" """
if self._lifetime_or_active_subscription(): if self.lifetime_or_active_subscription():
return True return True
else: else:
return Alias.filter_by( < MAX_NB_EMAIL_FREE_PLAN return Alias.filter_by( < MAX_NB_EMAIL_FREE_PLAN
@ -686,7 +691,7 @@ class User(db.Model, ModelMixin, UserMixin, PasswordOracle):
or not custom_domain.verified or not custom_domain.verified
or custom_domain.user_id != or custom_domain.user_id !=
): ):
return custom_domain.domain return custom_domain.domain
@ -695,11 +700,11 @@ class User(db.Model, ModelMixin, UserMixin, PasswordOracle):
sl_domain = SLDomain.get(self.default_alias_public_domain_id) sl_domain = SLDomain.get(self.default_alias_public_domain_id)
# sanity check # sanity check
if not sl_domain: if not sl_domain:
if sl_domain.premium_only and not self.is_premium(): if sl_domain.premium_only and not self.is_premium():
LOG.warning( LOG.w(
"%s is not premium and cannot use %s. Reset default random alias domain setting", "%s is not premium and cannot use %s. Reset default random alias domain setting",
self, self,
sl_domain, sl_domain,
@ -864,13 +869,11 @@ def generate_oauth_client_id(client_name) -> str:
# check that the client does not exist yet # check that the client does not exist yet
if not Client.get_by(oauth_client_id=oauth_client_id): if not Client.get_by(oauth_client_id=oauth_client_id):
LOG.debug("generate oauth_client_id %s", oauth_client_id) LOG.d("generate oauth_client_id %s", oauth_client_id)
return oauth_client_id return oauth_client_id
# Rerun the function # Rerun the function
return generate_oauth_client_id(client_name) return generate_oauth_client_id(client_name)
@ -1042,11 +1045,11 @@ def generate_email(
if not Alias.get_by(email=random_email) and not DeletedAlias.get_by( if not Alias.get_by(email=random_email) and not DeletedAlias.get_by(
email=random_email email=random_email
): ):
LOG.debug("generate email %s", random_email) LOG.d("generate email %s", random_email)
return random_email return random_email
# Rerun the function # Rerun the function
return generate_email(scheme=scheme, in_hex=in_hex) return generate_email(scheme=scheme, in_hex=in_hex)
@ -1136,6 +1139,13 @@ class Alias(db.Model, ModelMixin):
__table_args__ = ( __table_args__ = (
Index("ix_video___ts_vector__", ts_vector, postgresql_using="gin"), Index("ix_video___ts_vector__", ts_vector, postgresql_using="gin"),
# index on note column using pg_trgm
postgresql_ops={"note": "gin_trgm_ops"},
) )
user = db.relationship(User, foreign_keys=[user_id]) user = db.relationship(User, foreign_keys=[user_id])
@ -1234,7 +1244,7 @@ class Alias(db.Model, ModelMixin):
elif user.default_alias_public_domain_id: elif user.default_alias_public_domain_id:
sl_domain: SLDomain = SLDomain.get(user.default_alias_public_domain_id) sl_domain: SLDomain = SLDomain.get(user.default_alias_public_domain_id)
if sl_domain.premium_only and not user.is_premium(): if sl_domain.premium_only and not user.is_premium():
LOG.warning("%s not premium, cannot use %s", user, sl_domain) LOG.w("%s not premium, cannot use %s", user, sl_domain)
else: else:
random_email = generate_email( random_email = generate_email(
scheme=scheme, in_hex=in_hex, alias_domain=sl_domain.domain scheme=scheme, in_hex=in_hex, alias_domain=sl_domain.domain
@ -1349,7 +1359,7 @@ class ClientUser(db.Model, ModelMixin):
elif scope == Scope.EMAIL: elif scope == Scope.EMAIL:
# Use generated email # Use generated email
if self.alias_id: if self.alias_id:
"Use gen email for user %s, client %s", self.user, self.client "Use gen email for user %s, client %s", self.user, self.client
) )
res[Scope.EMAIL.value] = res[Scope.EMAIL.value] =
@ -1407,8 +1417,6 @@ class Contact(db.Model, ModelMixin):
# to investigate why the website_email is sometimes not correctly parsed # to investigate why the website_email is sometimes not correctly parsed
# the envelope mail_from # the envelope mail_from
mail_from = db.Column(db.Text, nullable=True, default=None) mail_from = db.Column(db.Text, nullable=True, default=None)
# a contact can have an empty email address, in this case it can't receive emails # a contact can have an empty email address, in this case it can't receive emails
invalid_email = db.Column( invalid_email = db.Column(
@ -1443,12 +1451,10 @@ class Contact(db.Model, ModelMixin):
# if no name, try to parse it from website_from # if no name, try to parse it from website_from
if not name and self.website_from: if not name and self.website_from:
try: try:
from app.email_utils import parseaddr_unicode name = address.parse(self.website_from).display_name
name, _ = parseaddr_unicode(self.website_from)
except Exception: except Exception:
# Skip if website_from is wrongly formatted # Skip if website_from is wrongly formatted
"Cannot parse contact %s website_from %s", self, self.website_from "Cannot parse contact %s website_from %s", self, self.website_from
) )
name = "" name = ""
@ -1477,19 +1483,12 @@ class Contact(db.Model, ModelMixin):
`new_email` is a special reply address `new_email` is a special reply address
""" """
user = self.user user = self.user
if ( sender_format = user.sender_format if user else SenderFormatEnum.AT.value
not user
or not SenderFormatEnum.has_value(user.sender_format) if sender_format == SenderFormatEnum.AT.value:
or user.sender_format == SenderFormatEnum.VIA.value
new_name = f"{self.website_email} via SimpleLogin"
if user.sender_format == SenderFormatEnum.AT.value:
formatted_email = self.website_email.replace("@", " at ").strip() formatted_email = self.website_email.replace("@", " at ").strip()
elif user.sender_format == SenderFormatEnum.A.value: else:
formatted_email = self.website_email.replace("@", "(a)").strip() formatted_email = self.website_email.replace("@", "(a)").strip()
elif user.sender_format == SenderFormatEnum.FULL.value:
formatted_email = self.website_email.strip()
# Prefix name to formatted email if available # Prefix name to formatted email if available
new_name = ( new_name = (
@ -1757,25 +1756,19 @@ class ApiKey(db.Model, ModelMixin):
code = db.Column(db.String(128), unique=True, nullable=False) code = db.Column(db.String(128), unique=True, nullable=False)
name = db.Column(db.String(128), nullable=False) name = db.Column(db.String(128), nullable=True)
last_used = db.Column(ArrowType, default=None) last_used = db.Column(ArrowType, default=None)
times = db.Column(db.Integer, default=0, nullable=False) times = db.Column(db.Integer, default=0, nullable=False)
user = db.relationship(User) user = db.relationship(User)
@classmethod @classmethod
def create(cls, user_id, name): def create(cls, user_id, name=None, **kwargs):
# generate unique code
found = False
while not found:
code = random_string(60) code = random_string(60)
if cls.get_by(code=code):
code = str(uuid.uuid4())
class CustomDomain(db.Model, ModelMixin): class CustomDomain(db.Model, ModelMixin):
@ -1785,6 +1778,7 @@ class CustomDomain(db.Model, ModelMixin):
# default name to use when user replies/sends from alias # default name to use when user replies/sends from alias
name = db.Column(db.String(128), nullable=True, default=None) name = db.Column(db.String(128), nullable=True, default=None)
# mx verified
verified = db.Column(db.Boolean, nullable=False, default=False) verified = db.Column(db.Boolean, nullable=False, default=False)
dkim_verified = db.Column( dkim_verified = db.Column(
db.Boolean, nullable=False, default=False, server_default="0" db.Boolean, nullable=False, default=False, server_default="0"
@ -1813,6 +1807,26 @@ class CustomDomain(db.Model, ModelMixin):
db.Integer, default=0, server_default="0", nullable=False db.Integer, default=0, server_default="0", nullable=False
) )
user = db.relationship(User, foreign_keys=[user_id]) user = db.relationship(User, foreign_keys=[user_id])
@property @property
@ -1828,10 +1842,71 @@ class CustomDomain(db.Model, ModelMixin):
def get_trash_url(self): def get_trash_url(self):
return URL + f"/dashboard/domains/{}/trash" return URL + f"/dashboard/domains/{}/trash"
def get_ownership_dns_txt_value(self):
return f"sl-verification={self.ownership_txt_token}"
def create(cls, **kw):
domain: CustomDomain = super(CustomDomain, cls).create(**kw)
# generate a domain ownership txt token
if not domain.ownership_txt_token:
domain.ownership_txt_token = random_string(30)
return domain
def auto_create_rules(self):
return sorted(self._auto_create_rules, key=lambda rule: rule.order)
def __repr__(self): def __repr__(self):
return f"<Custom Domain {self.domain}>" return f"<Custom Domain {self.domain}>"
""" """
email = db.Column(db.String(256), nullable=False, unique=True) email = db.Column(db.String(256), nullable=False, unique=False)
class Payout(db.Model, ModelMixin): class Payout(db.Model, ModelMixin):

View file

@ -33,7 +33,7 @@
{% block single_content %} {% block single_content %}
<form class="card" method="post" style="max-width: 40rem; margin: auto; border-radius: 2%"> <form class="card" method="post" data-parsley-validate style="max-width: 40rem; margin: auto; border-radius: 2%">
{% if not client.approved %} {% if not client.approved %}
<div class="alert alert-warning" style="border-bottom: 3px solid;"> <div class="alert alert-warning" style="border-bottom: 3px solid;">
<b>{{ }}</b> is in Dev Mode and isn't approved (yet) by SimpleLogin. <b>{{ }}</b> is in Dev Mode and isn't approved (yet) by SimpleLogin.
@ -101,10 +101,11 @@
<div class="col-sm-6 pr-1 mb-1" style="min-width: 5em"> <div class="col-sm-6 pr-1 mb-1" style="min-width: 5em">
<input name="prefix" class="form-control" <input name="prefix" class="form-control"
type="text" type="text"
maxlength="40" maxlength="40"
data-bouncer-message="Only lowercase letters, dots, numbers, dashes (-) and underscores (_) are currently supported." data-parsley-pattern="[0-9a-z-_.]{1,}"
placeholder="email alias" data-parsley-trigger="change"
data-parsley-error-message="Only lowercase letters, dots, numbers, dashes (-) and underscores (_) are currently supported."
placeholder="Alias prefix, for example"
autofocus> autofocus>
</div> </div>
@ -124,10 +125,6 @@
</select> </select>
</div> </div>
</div> </div>
@ -102,7 +102,7 @@ def authorize():
) )
user_info = {} user_info = {}
if client_user: if client_user:
LOG.debug("user %s has already allowed client %s", current_user, client) LOG.d("user %s has already allowed client %s", current_user, client)
user_info = client_user.get_user_info() user_info = client_user.get_user_info()
else: else:
suggested_email, other_emails = current_user.suggested_emails( suggested_email, other_emails = current_user.suggested_emails(
@ -131,11 +131,11 @@ def authorize():
) )
else: # POST - user allows or denies else: # POST - user allows or denies
if request.form.get("button") == "deny": if request.form.get("button") == "deny":
LOG.debug("User %s denies Client %s", current_user, client) LOG.d("User %s denies Client %s", current_user, client)
final_redirect_uri = f"{redirect_uri}?error=deny&state={state}" final_redirect_uri = f"{redirect_uri}?error=deny&state={state}"
return redirect(final_redirect_uri) return redirect(final_redirect_uri)
LOG.debug("User %s allows Client %s", current_user, client) LOG.d("User %s allows Client %s", current_user, client)
client_user = ClientUser.get_by(, client_user = ClientUser.get_by(,
# user has already allowed this client, user cannot change information # user has already allowed this client, user cannot change information
@ -167,11 +167,11 @@ def authorize():
try: try:
alias_suffix = signer.unsign(signed_suffix, max_age=600).decode() alias_suffix = signer.unsign(signed_suffix, max_age=600).decode()
except SignatureExpired: except SignatureExpired:
LOG.warning("Alias creation time expired for %s", current_user) LOG.w("Alias creation time expired for %s", current_user)
flash("Alias creation time is expired, please retry", "warning") flash("Alias creation time is expired, please retry", "warning")
return redirect(request.url) return redirect(request.url)
except Exception: except Exception:
LOG.warning("Alias suffix is tampered, user %s", current_user) LOG.w("Alias suffix is tampered, user %s", current_user)
flash("Unknown error, refresh the page", "error") flash("Unknown error, refresh the page", "error")
return redirect(request.url) return redirect(request.url)
@ -189,7 +189,7 @@ def authorize():
or DeletedAlias.get_by(email=full_alias) or DeletedAlias.get_by(email=full_alias)
or DomainDeletedAlias.get_by(email=full_alias) or DomainDeletedAlias.get_by(email=full_alias)
): ):
LOG.exception("alias %s already used, very rare!", full_alias) LOG.e("alias %s already used, very rare!", full_alias)
flash(f"Alias {full_alias} already used", "error") flash(f"Alias {full_alias} already used", "error")
return redirect(request.url) return redirect(request.url)
else: else:
@ -255,9 +255,7 @@ def authorize():
if state: if state:
redirect_args["state"] = state redirect_args["state"] = state
else: else:
LOG.warning( LOG.w("more security reason, state should be added. client %s", client)
"more security reason, state should be added. client %s", client
if scope: if scope:
redirect_args["scope"] = scope redirect_args["scope"] = scope
@ -339,7 +337,7 @@ def generate_access_token() -> str:
return access_token return access_token
# Rerun the function # Rerun the function
LOG.warning("access token already exists, generate a new one") LOG.w("access token already exists, generate a new one")
return generate_access_token() return generate_access_token()

@ -56,9 +56,7 @@ def token():
if auth_code.client_id != if auth_code.client_id !=
return jsonify(error="are you sure this code belongs to you?"), 400 return jsonify(error="are you sure this code belongs to you?"), 400
LOG.debug( LOG.d("Create Oauth token for user %s, client %s", auth_code.user, auth_code.client)
"Create Oauth token for user %s, client %s", auth_code.user, auth_code.client
# Create token # Create token
oauth_token = OauthToken.create( oauth_token = OauthToken.create(

@ -72,9 +72,7 @@ def cancel_subscription(subscription_id: str) -> bool:
) )
res = r.json() res = r.json()
if not res["success"]: if not res["success"]:
LOG.exception( LOG.e(f"cannot cancel subscription {subscription_id}, paddle response: {res}")
f"cannot cancel subscription {subscription_id}, paddle response: {res}"
return res["success"] return res["success"]
@ -102,7 +100,7 @@ def change_plan(user: User, subscription_id: str, plan_id) -> (bool, str):
) )
return False, "Your card cannot be charged" return False, "Your card cannot be charged"
except KeyError: except KeyError:
LOG.exception( LOG.e(
f"cannot change subscription {subscription_id} to {plan_id}, paddle response: {res}" f"cannot change subscription {subscription_id} to {plan_id}, paddle response: {res}"
) )
return False, "" return False, ""

@ -43,7 +43,7 @@ def load_public_key_and_check(public_key: str) -> str:
try: try:
encrypt_file(dummy_data, fingerprint) encrypt_file(dummy_data, fingerprint)
except Exception as e: except Exception as e:
LOG.warning( LOG.w(
"Cannot encrypt using the imported key %s %s", fingerprint, public_key "Cannot encrypt using the imported key %s %s", fingerprint, public_key
) )
# remove the fingerprint # remove the fingerprint
@ -55,7 +55,7 @@ def load_public_key_and_check(public_key: str) -> str:
def hard_exit(): def hard_exit():
pid = os.getpid() pid = os.getpid()
LOG.warning("kill pid %s", pid) LOG.w("kill pid %s", pid)
os.kill(pid, 9) os.kill(pid, 9)

@ -2,7 +2,7 @@
""" """
import logging import logging
import re import re2 as re
import select import select
import socket import socket
from io import BytesIO from io import BytesIO
@ -115,7 +115,7 @@ class SpamAssassin(object):
"description": " ".join(wordlist[1:]), "description": " ".join(wordlist[1:]),
} }
except ValueError: except ValueError:
LOG.warning("Cannot parse %s %s", wordlist[0], wordlist) LOG.w("Cannot parse %s %s", wordlist[0], wordlist)
headers = ( headers = (
headers.decode("utf-8") headers.decode("utf-8")

@ -1,6 +1,8 @@
import random import random
import string import string
import time
import urllib.parse import urllib.parse
from functools import wraps
from unidecode import unidecode from unidecode import unidecode
@ -73,3 +75,15 @@ def sanitize_email(email_address: str) -> str:
def query2str(query): def query2str(query):
"""Useful utility method to print out a SQLAlchemy query""" """Useful utility method to print out a SQLAlchemy query"""
return query.statement.compile(compile_kwargs={"literal_binds": True}) return query.statement.compile(compile_kwargs={"literal_binds": True})
def debug_info(func):
def wrap(*args, **kwargs):
start = time.time()
LOG.d("start %s %s %s", func.__name__, args, kwargs)
ret = func(*args, **kwargs)
LOG.d("finish %s. Takes %s seconds", func.__name__, time.time() - start)
return ret
return wrap

@ -123,6 +123,10 @@ def notify_premium_end():
>= >=
): ):
user = sub.user user = sub.user
if user.lifetime:
LOG.d(f"Send subscription ending soon email to user {user}") LOG.d(f"Send subscription ending soon email to user {user}")
send_email( send_email(
@ -151,7 +155,7 @@ def notify_manual_sub_end():
if need_reminder: if need_reminder:
user = manual_sub.user user = manual_sub.user
LOG.debug("Remind user %s that their manual sub is ending soon", user) LOG.d("Remind user %s that their manual sub is ending soon", user)
send_email( send_email(,,
f"Your subscription will end soon", f"Your subscription will end soon",
@ -185,7 +189,7 @@ def notify_manual_sub_end():
if need_reminder: if need_reminder:
user = coinbase_subscription.user user = coinbase_subscription.user
LOG.debug( LOG.d(
"Remind user %s that their coinbase subscription is ending soon", user "Remind user %s that their coinbase subscription is ending soon", user
) )
send_email( send_email(
@ -443,9 +447,7 @@ def migrate_domain_trash():
if not SLDomain.get_by(domain=alias_domain): if not SLDomain.get_by(domain=alias_domain):
custom_domain = CustomDomain.get_by(domain=alias_domain) custom_domain = CustomDomain.get_by(domain=alias_domain)
if custom_domain: if custom_domain:
LOG.exception( LOG.e("move %s to domain %s trash", deleted_alias, custom_domain)
"move %s to domain %s trash", deleted_alias, custom_domain
db.session.add( db.session.add(
DomainDeletedAlias( DomainDeletedAlias(
user_id=custom_domain.user_id, user_id=custom_domain.user_id,
@ -470,7 +472,7 @@ def set_custom_domain_for_alias():
alias_domain = get_email_domain_part( alias_domain = get_email_domain_part(
custom_domain = CustomDomain.get_by(domain=alias_domain) custom_domain = CustomDomain.get_by(domain=alias_domain)
if custom_domain: if custom_domain:
LOG.exception("set %s for %s", custom_domain, alias) LOG.e("set %s for %s", custom_domain, alias)
alias.custom_domain_id = alias.custom_domain_id =
else: # phantom domain else: # phantom domain
LOG.d("phantom domain %s %s %s", alias.user, alias, alias.enabled) LOG.d("phantom domain %s %s %s", alias.user, alias, alias.enabled)
@ -533,7 +535,7 @@ def sanity_check():
render("transactional/disable-mailbox.html", mailbox=mailbox), render("transactional/disable-mailbox.html", mailbox=mailbox),
) )
LOG.warning( LOG.w(
"issue with mailbox %s domain. #alias %s, nb email log %s", "issue with mailbox %s domain. #alias %s, nb email log %s",
mailbox, mailbox,
mailbox.nb_alias(), mailbox.nb_alias(),
@ -546,40 +548,40 @@ def sanity_check():
for user in User.filter_by(activated=True).all(): for user in User.filter_by(activated=True).all():
if sanitize_email( != if sanitize_email( !=
LOG.exception("%s does not have sanitized email", user) LOG.e("%s does not have sanitized email", user)
for alias in Alias.query.all(): for alias in Alias.query.all():
if sanitize_email( != if sanitize_email( !=
LOG.exception("Alias %s email not sanitized", alias) LOG.e("Alias %s email not sanitized", alias)
if and "\n" in if and "\n" in ="\n", "") ="\n", "")
db.session.commit() db.session.commit()
LOG.exception("Alias %s name contains linebreak %s", alias, LOG.e("Alias %s name contains linebreak %s", alias,
contact_email_sanity_date = arrow.get("2021-01-12") contact_email_sanity_date = arrow.get("2021-01-12")
for contact in Contact.query.all(): for contact in Contact.query.all():
if sanitize_email(contact.reply_email) != contact.reply_email: if sanitize_email(contact.reply_email) != contact.reply_email:
LOG.exception("Contact %s reply-email not sanitized", contact) LOG.e("Contact %s reply-email not sanitized", contact)
if ( if (
sanitize_email(contact.website_email) != contact.website_email sanitize_email(contact.website_email) != contact.website_email
and contact.created_at > contact_email_sanity_date and contact.created_at > contact_email_sanity_date
): ):
LOG.exception("Contact %s website-email not sanitized", contact) LOG.e("Contact %s website-email not sanitized", contact)
if not contact.invalid_email and not is_valid_email(contact.website_email): if not contact.invalid_email and not is_valid_email(contact.website_email):
LOG.exception("%s invalid email", contact) LOG.e("%s invalid email", contact)
contact.invalid_email = True contact.invalid_email = True
db.session.commit() db.session.commit()
for mailbox in Mailbox.query.all(): for mailbox in Mailbox.query.all():
if sanitize_email( != if sanitize_email( !=
LOG.exception("Mailbox %s address not sanitized", mailbox) LOG.e("Mailbox %s address not sanitized", mailbox)
for contact in Contact.query.all(): for contact in Contact.query.all():
if normalize_reply_email(contact.reply_email) != contact.reply_email: if normalize_reply_email(contact.reply_email) != contact.reply_email:
LOG.exception( LOG.e(
"Contact %s reply email is not normalized %s", "Contact %s reply email is not normalized %s",
contact, contact,
contact.reply_email, contact.reply_email,
@ -587,7 +589,7 @@ def sanity_check():
for domain in CustomDomain.query.all(): for domain in CustomDomain.query.all():
if and "\n" in if and "\n" in
LOG.exception("Domain %s name contain linebreak %s", domain, LOG.e("Domain %s name contain linebreak %s", domain,
migrate_domain_trash() migrate_domain_trash()
set_custom_domain_for_alias() set_custom_domain_for_alias()
@ -605,7 +607,7 @@ def check_custom_domain():
if sorted(mx_domains) != sorted(EMAIL_SERVERS_WITH_PRIORITY): if sorted(mx_domains) != sorted(EMAIL_SERVERS_WITH_PRIORITY):
user = custom_domain.user user = custom_domain.user
LOG.warning( LOG.w(
"The MX record is not correctly set for %s %s %s", "The MX record is not correctly set for %s %s %s",
custom_domain, custom_domain,
user, user,
@ -617,9 +619,7 @@ def check_custom_domain():
# send alert if fail for 5 consecutive days # send alert if fail for 5 consecutive days
if custom_domain.nb_failed_checks > 5: if custom_domain.nb_failed_checks > 5:
domain_dns_url = f"{URL}/dashboard/domains/{}/dns" domain_dns_url = f"{URL}/dashboard/domains/{}/dns"
LOG.warning( LOG.w("Alert domain MX check fails %s about %s", user, custom_domain)
"Alert domain MX check fails %s about %s", user, custom_domain
send_email_with_rate_control( send_email_with_rate_control(
user, user,
@ -728,7 +728,7 @@ async def check_hibp():
LOG.d("Checking HIBP API for aliases in breaches") LOG.d("Checking HIBP API for aliases in breaches")
if len(HIBP_API_KEYS) == 0: if len(HIBP_API_KEYS) == 0:
LOG.exception("No HIBP API keys") LOG.e("No HIBP API keys")
return return
LOG.d("Updating list of known breaches") LOG.d("Updating list of known breaches")

@ -32,6 +32,7 @@ It should contain the following info:
""" """
import argparse import argparse
import email import email
import os
import time import time
import uuid import uuid
from email import encoders from email import encoders
@ -47,6 +48,9 @@ from typing import List, Tuple, Optional
import newrelic.agent import newrelic.agent
from aiosmtpd.controller import Controller from aiosmtpd.controller import Controller
from aiosmtpd.smtp import Envelope from aiosmtpd.smtp import Envelope
from email_validator import validate_email, EmailNotValidError
from flanker.addresslib import address
from flanker.addresslib.address import EmailAddress
from sqlalchemy.exc import IntegrityError from sqlalchemy.exc import IntegrityError
from app import pgp_utils, s3 from app import pgp_utils, s3
@ -76,6 +80,10 @@ from app.config import (
) )
from import status from import status
from import rate_limited from import rate_limited
@ -90,7 +98,6 @@ from app.email_utils import (
delete_all_headers_except, delete_all_headers_except,
get_spam_info, get_spam_info,
get_orig_message_from_spamassassin_report, get_orig_message_from_spamassassin_report,
send_email_with_rate_control, send_email_with_rate_control,
get_email_domain_part, get_email_domain_part,
copy, copy,
@ -112,6 +119,9 @@ from app.email_utils import (
sanitize_header, sanitize_header,
get_queue_id, get_queue_id,
should_ignore_bounce, should_ignore_bounce,
) )
from app.extensions import db from app.extensions import db
from app.log import LOG, set_message_id from app.log import LOG, set_message_id
@ -174,16 +184,20 @@ def get_or_create_contact(from_header: str, mail_from: str, alias: Alias) -> Con
""" """
contact_from_header is the RFC 2047 format FROM header contact_from_header is the RFC 2047 format FROM header
""" """
contact_name, contact_email = parseaddr_unicode(from_header) try:
contact_name, contact_email = parse_full_address(from_header)
except ValueError:
contact_name, contact_email = "", ""
if not is_valid_email(contact_email): if not is_valid_email(contact_email):
# From header is wrongly formatted, try with mail_from # From header is wrongly formatted, try with mail_from
if mail_from and mail_from != "<>": if mail_from and mail_from != "<>":
LOG.w( LOG.w(
"Cannot parse email from from_header %s, parse from mail_from %s", "Cannot parse email from from_header %s, use mail_from %s",
from_header, from_header,
mail_from, mail_from,
) )
_, contact_email = parseaddr_unicode(mail_from) contact_email = mail_from
if not is_valid_email(contact_email): if not is_valid_email(contact_email):
LOG.w( LOG.w(
@ -197,6 +211,10 @@ def get_or_create_contact(from_header: str, mail_from: str, alias: Alias) -> Con
contact_email = sanitize_email(contact_email) contact_email = sanitize_email(contact_email)
if contact_name and "\x00" in contact_name:
LOG.w("issue with contact name %s", contact_name)
contact_name = ""
contact = Contact.get_by(, website_email=contact_email) contact = Contact.get_by(, website_email=contact_email)
if contact: if contact:
if != contact_name: if != contact_name:
@ -219,16 +237,6 @@ def get_or_create_contact(from_header: str, mail_from: str, alias: Alias) -> Con
) )
contact.mail_from = mail_from contact.mail_from = mail_from
db.session.commit() db.session.commit()
if not contact.from_header and from_header:
"Set contact from_header %s: %s to %s",
contact.from_header = from_header
else: else:
LOG.d( LOG.d(
"create contact %s for alias %s", "create contact %s for alias %s",
@ -243,7 +251,6 @@ def get_or_create_contact(from_header: str, mail_from: str, alias: Alias) -> Con
website_email=contact_email, website_email=contact_email,
name=contact_name, name=contact_name,
mail_from=mail_from, mail_from=mail_from,
reply_email=generate_reply_email(contact_email, alias.user) reply_email=generate_reply_email(contact_email, alias.user)
if is_valid_email(contact_email) if is_valid_email(contact_email)
@ -267,25 +274,26 @@ def get_or_create_reply_to_contact(
""" """
Get or create the contact for the Reply-To header Get or create the contact for the Reply-To header
""" """
name, address = parseaddr_unicode(reply_to_header) try:
contact_name, contact_address = parse_full_address(reply_to_header)
except ValueError:
if not is_valid_email(address): if not is_valid_email(contact_address):
LOG.w( LOG.w(
"invalid reply-to address %s. Parse from %s", "invalid reply-to address %s. Parse from %s",
address, contact_address,
reply_to_header, reply_to_header,
) )
return None return None
address = sanitize_email(address) contact = Contact.get_by(, website_email=contact_address)
contact = Contact.get_by(, website_email=address)
if contact: if contact:
return contact return contact
else: else:
LOG.d( LOG.d(
"create contact %s for alias %s via reply-to header", "create contact %s for alias %s via reply-to header",
address, contact_address,
alias, alias,
reply_to_header, reply_to_header,
) )
@ -294,15 +302,15 @@ def get_or_create_reply_to_contact(
contact = Contact.create( contact = Contact.create(
user_id=alias.user_id, user_id=alias.user_id,,,
website_email=address, website_email=contact_address,
name=name, name=contact_name,
reply_email=generate_reply_email(address, alias.user), reply_email=generate_reply_email(contact_address, alias.user),
) )
db.session.commit() db.session.commit()
except IntegrityError: except IntegrityError:
LOG.w("Contact %s %s already exist", alias, address) LOG.w("Contact %s %s already exist", alias, contact_address)
db.session.rollback() db.session.rollback()
contact = Contact.get_by(, website_email=address) contact = Contact.get_by(, website_email=contact_address)
return contact return contact
@ -314,37 +322,43 @@ def replace_header_when_forward(msg: Message, alias: Alias, header: str):
new_addrs: [str] = [] new_addrs: [str] = []
headers = msg.get_all(header, []) headers = msg.get_all(header, [])
# headers can be an array of Header, convert it to string here # headers can be an array of Header, convert it to string here
headers = [str(h) for h in headers] headers = [get_header_unicode(h) for h in headers]
for contact_name, contact_email in getaddresses(headers):
# convert back to original then parse again to make sure contact_name is unicode
addr = formataddr((contact_name, contact_email))
contact_name, _ = parseaddr_unicode(addr)
contact_email = sanitize_email(contact_email) full_addresses: [EmailAddress] = []
for h in headers:
full_addresses += address.parse_list(h)
for full_address in full_addresses:
contact_email = sanitize_email(full_address.address)
# no transformation when alias is already in the header # no transformation when alias is already in the header
if contact_email == if contact_email ==
new_addrs.append(addr) new_addrs.append(full_address.full_spec())
continue continue
if not is_valid_email(contact_email): try:
# NOT allow unicode for contact address
contact_email, check_deliverability=False, allow_smtputf8=False
except EmailNotValidError:
LOG.w("invalid contact email %s. %s. Skip", contact_email, headers) LOG.w("invalid contact email %s. %s. Skip", contact_email, headers)
continue continue
contact = Contact.get_by(, website_email=contact_email) contact = Contact.get_by(, website_email=contact_email)
if contact: if contact:
# update the contact name if needed # update the contact name if needed
if != contact_name: if != full_address.display_name:
LOG.d( LOG.d(
"Update contact %s name %s to %s", "Update contact %s name %s to %s",
contact, contact,,,
contact_name, full_address.display_name,
) ) = contact_name = full_address.display_name
db.session.commit() db.session.commit()
else: else:
LOG.debug( LOG.d(
"create contact for alias %s and email %s, header %s", "create contact for alias %s and email %s, header %s",
alias, alias,
contact_email, contact_email,
@ -356,10 +370,9 @@ def replace_header_when_forward(msg: Message, alias: Alias, header: str):
user_id=alias.user_id, user_id=alias.user_id,,,
website_email=contact_email, website_email=contact_email,
name=contact_name, name=full_address.display_name,
reply_email=generate_reply_email(contact_email, alias.user), reply_email=generate_reply_email(contact_email, alias.user),
is_cc=header.lower() == "cc", is_cc=header.lower() == "cc",
) )
db.session.commit() db.session.commit()
except IntegrityError: except IntegrityError:
@ -485,7 +498,7 @@ def sign_msg(msg: Message) -> Message:
try: try:
signature.set_payload(sign_data(to_bytes(msg).replace(b"\n", b"\r\n"))) signature.set_payload(sign_data(to_bytes(msg).replace(b"\n", b"\r\n")))
except Exception: except Exception:
LOG.exception("Cannot sign, try using pgpy") LOG.e("Cannot sign, try using pgpy")
signature.set_payload( signature.set_payload(
sign_data_with_pgpy(to_bytes(msg).replace(b"\n", b"\r\n")) sign_data_with_pgpy(to_bytes(msg).replace(b"\n", b"\r\n"))
) )
@ -533,14 +546,17 @@ def handle_forward(envelope, msg: Message, rcpt_to: str) -> List[Tuple[bool, str
is_success indicates whether an email has been delivered and is_success indicates whether an email has been delivered and
smtp_status is the SMTP Status ("250 Message accepted", "550 Non-existent email address", etc) smtp_status is the SMTP Status ("250 Message accepted", "550 Non-existent email address", etc)
""" """
address = rcpt_to # alias@SL alias_address = rcpt_to # alias@SL
alias = Alias.get_by(email=address) alias = Alias.get_by(email=alias_address)
if not alias: if not alias:
LOG.d("alias %s not exist. Try to see if it can be created on the fly", address) LOG.d(
alias = try_auto_create(address) "alias %s not exist. Try to see if it can be created on the fly",
alias = try_auto_create(alias_address)
if not alias: if not alias:
LOG.d("alias %s cannot be created on-the-fly, return 550", address) LOG.d("alias %s cannot be created on-the-fly, return 550", alias_address)
if should_ignore_bounce(envelope.mail_from): if should_ignore_bounce(envelope.mail_from):
return [(True, status.E207)] return [(True, status.E207)]
else: else:
@ -555,21 +571,22 @@ def handle_forward(envelope, msg: Message, rcpt_to: str) -> List[Tuple[bool, str
else: else:
return [(False, status.E504)] return [(False, status.E504)]
# mail_from = envelope.mail_from if user.ignore_loop_email:
# for mb in alias.mailboxes: mail_from = envelope.mail_from
# # email send from a mailbox to alias for mb in alias.mailboxes:
# if == mail_from: # email sent from a mailbox to its alias
# LOG.w("cycle email sent from %s to %s", mb, alias) if == mail_from:
# handle_email_sent_to_ourself(alias, mb, msg, user) LOG.w("cycle email sent from %s to %s", mb, alias)
# return [(True, "250 Message accepted for delivery")] handle_email_sent_to_ourself(alias, mb, msg, user)
return [(True, status.E209)]
from_header = str(msg["From"]) from_header = get_header_unicode(msg["From"])
LOG.d("Create or get contact for from_header:%s", from_header) LOG.d("Create or get contact for from_header:%s", from_header)
contact = get_or_create_contact(from_header, envelope.mail_from, alias) contact = get_or_create_contact(from_header, envelope.mail_from, alias)
reply_to_contact = None reply_to_contact = None
if msg["Reply-To"]: if msg["Reply-To"]:
reply_to = str(msg["Reply-To"]) reply_to = get_header_unicode(msg["Reply-To"])
LOG.d("Create or get contact for from_header:%s", reply_to) LOG.d("Create or get contact for from_header:%s", reply_to)
# ignore when reply-to = alias # ignore when reply-to = alias
if reply_to == if reply_to ==
@ -868,14 +885,14 @@ def handle_reply(envelope, msg: Message, rcpt_to: str) -> (bool, str):
# Sanity check: verify alias domain is managed by SimpleLogin # Sanity check: verify alias domain is managed by SimpleLogin
# scenario: a user have removed a domain but due to a bug, the aliases are still there # scenario: a user have removed a domain but due to a bug, the aliases are still there
if not is_valid_alias_address_domain( if not is_valid_alias_address_domain(
LOG.exception("%s domain isn't known", alias) LOG.e("%s domain isn't known", alias)
return False, status.E503 return False, status.E503
user = alias.user user = alias.user
mail_from = envelope.mail_from mail_from = envelope.mail_from
if user.disabled: if user.disabled:
LOG.exception( LOG.e(
"User %s disabled, disable sending emails from %s to %s", "User %s disabled, disable sending emails from %s to %s",
user, user,
alias, alias,
@ -1089,9 +1106,9 @@ def get_mailbox_from_mail_from(mail_from: str, alias) -> Optional[Mailbox]:
if == mail_from: if == mail_from:
return mailbox return mailbox
for address in mailbox.authorized_addresses: for addr in mailbox.authorized_addresses:
if == mail_from: if == mail_from:
LOG.debug( LOG.d(
"Found an authorized address for %s %s %s", alias, mailbox, address "Found an authorized address for %s %s %s", alias, mailbox, address
) )
return mailbox return mailbox
@ -1169,12 +1186,12 @@ def handle_bounce_forward_phase(msg: Message, email_log: EmailLog):
# email_log.mailbox should be set during the forward phase # email_log.mailbox should be set during the forward phase
if not mailbox: if not mailbox:
LOG.exception("Use %s default mailbox %s", alias, alias.mailbox) LOG.e("Use %s default mailbox %s", alias, alias.mailbox)
mailbox = alias.mailbox mailbox = alias.mailbox
Bounce.create(, commit=True) Bounce.create(, commit=True)
LOG.debug( LOG.d(
"Handle forward bounce %s -> %s -> %s. %s", contact, alias, mailbox, email_log "Handle forward bounce %s -> %s -> %s. %s", contact, alias, mailbox, email_log
) )
@ -1249,6 +1266,8 @@ def handle_bounce_forward_phase(msg: Message, email_log: EmailLog):,,
), ),
max_nb_alert=10, max_nb_alert=10,
# smtp error can happen if user mailbox is unreachable, that might explain the bounce
) )
else: else:
LOG.w( LOG.w(
@ -1276,9 +1295,90 @@ def handle_bounce_forward_phase(msg: Message, email_log: EmailLog):,,
), ),
max_nb_alert=10, max_nb_alert=10,
) )
def handle_hotmail_complaint(msg: Message) -> bool:
Handle hotmail complaint sent to postmaster
Return True if the complaint can be handled, False otherwise
orig_msg = get_orig_message_from_hotmail_complaint(msg)
to_header = orig_msg["To"]
if not to_header:
LOG.e("cannot find the alias")
return False
_, alias_address = parse_full_address(get_header_unicode(to_header))
alias = Alias.get_by(email=alias_address)
if not alias:
LOG.w("No alias for %s", alias_address)
return False
user = alias.user
LOG.w("Handle hotmail complaint for %s %s %s", alias, user, alias.mailboxes)
f"Hotmail abuse report",
return True
def handle_yahoo_complaint(msg: Message) -> bool:
Handle yahoo complaint sent to postmaster
Return True if the complaint can be handled, False otherwise
orig_msg = get_orig_message_from_yahoo_complaint(msg)
to_header = orig_msg["To"]
if not to_header:
LOG.e("cannot find the alias")
return False
_, alias_address = parse_full_address(get_header_unicode(to_header))
alias = Alias.get_by(email=alias_address)
if not alias:
LOG.w("No alias for %s", alias_address)
return False
user = alias.user
LOG.w("Handle yahoo complaint for %s %s %s", alias, user, alias.mailboxes)
f"Yahoo abuse report",
return True
def handle_bounce_reply_phase(envelope, msg: Message, email_log: EmailLog): def handle_bounce_reply_phase(envelope, msg: Message, email_log: EmailLog):
""" """
Handle reply phase bounce Handle reply phase bounce
@ -1289,9 +1389,7 @@ def handle_bounce_reply_phase(envelope, msg: Message, email_log: EmailLog):
user = alias.user user = alias.user
mailbox = email_log.mailbox or alias.mailbox mailbox = email_log.mailbox or alias.mailbox
LOG.debug( LOG.d("Handle reply bounce %s -> %s -> %s.%s", mailbox, alias, contact, email_log)
"Handle reply bounce %s -> %s -> %s.%s", mailbox, alias, contact, email_log
Bounce.create(email=sanitize_email(contact.website_email), commit=True) Bounce.create(email=sanitize_email(contact.website_email), commit=True)
@ -1512,11 +1610,11 @@ def handle_unsubscribe_user(user_id: int, mail_from: str) -> str:
"""return the SMTP status""" """return the SMTP status"""
user = User.get(user_id) user = User.get(user_id)
if not user: if not user:
LOG.exception("No such user %s %s", user_id, mail_from) LOG.w("No such user %s %s", user_id, mail_from)
return status.E510 return status.E510
if mail_from != if mail_from !=
LOG.exception("Unauthorized mail_from %s %s", user, mail_from) LOG.e("Unauthorized mail_from %s %s", user, mail_from)
return status.E511 return status.E511
user.notification = False user.notification = False
@ -1638,7 +1736,7 @@ def handle(envelope: Envelope) -> str:
if postfix_queue_id: if postfix_queue_id:
set_message_id(postfix_queue_id) set_message_id(postfix_queue_id)
else: else:
LOG.w("Cannot parse Postfix queue ID from %s", msg["Received"]) LOG.d("Cannot parse Postfix queue ID from %s", msg["Received"])
if should_ignore(mail_from, rcpt_tos): if should_ignore(mail_from, rcpt_tos):
LOG.w("Ignore email mail_from=%s rcpt_to=%s", mail_from, rcpt_tos) LOG.w("Ignore email mail_from=%s rcpt_to=%s", mail_from, rcpt_tos)
@ -1665,10 +1763,12 @@ def handle(envelope: Envelope) -> str:
contact = Contact.get_by(reply_email=mail_from) contact = Contact.get_by(reply_email=mail_from)
if contact: if contact:
LOG.e( LOG.w(
"email can't be sent from a reverse-alias alias:%s, contact email:%s", "email can't be sent from a reverse-alias:%s, contact email:%s, %s, %s",
contact.alias, contact.reply_email,
contact.website_email, contact.website_email,
) )
return status.E203 return status.E203
@ -1687,6 +1787,28 @@ def handle(envelope: Envelope) -> str:
handle_transactional_bounce(envelope, rcpt_tos[0]) handle_transactional_bounce(envelope, rcpt_tos[0])
return status.E205 return status.E205
if (
len(rcpt_tos) == 1
and mail_from == ""
and rcpt_tos[0] == POSTMASTER
LOG.w("Handle hotmail complaint")
# if the complaint cannot be handled, forward it normally
if handle_hotmail_complaint(msg):
return status.E208
if (
len(rcpt_tos) == 1
and mail_from == ""
and rcpt_tos[0] == POSTMASTER
LOG.w("Handle yahoo complaint")
# if the complaint cannot be handled, forward it normally
if handle_yahoo_complaint(msg):
return status.E210
# Handle bounce # Handle bounce
if ( if (
len(rcpt_tos) == 1 len(rcpt_tos) == 1
@ -1721,8 +1843,45 @@ def handle(envelope: Envelope) -> str:
) )
return handle_bounce(envelope, email_log, msg) return handle_bounce(envelope, email_log, msg)
# case where From: header is a reverse alias which should never happen
from_header = get_header_unicode(msg["From"])
if from_header:
_, from_header_address = parse_full_address(from_header)
except ValueError:
LOG.d("cannot parse the From header %s", from_header)
if is_reply_email(from_header_address):
LOG.e("email sent from a reverse alias %s", from_header_address)
# get more info for debug
contact = Contact.get_by(reply_email=from_header_address)
if contact:
LOG.d("%s %s %s", contact.user, contact.alias, contact)
# To investigate. todo: remove
file_name = str(uuid.uuid4()) + ".eml"
with open(os.path.join(TEMP_DIR, file_name), "wb") as f:
LOG.d("email saved to %s", file_name)
return status.E523
if rate_limited(mail_from, rcpt_tos): if rate_limited(mail_from, rcpt_tos):
LOG.w("Rate Limiting applied for mail_from:%s rcpt_tos:%s", mail_from, rcpt_tos) LOG.w("Rate Limiting applied for mail_from:%s rcpt_tos:%s", mail_from, rcpt_tos)
# add more logging info. TODO: remove
if len(rcpt_tos) == 1:
alias = Alias.get_by(email=rcpt_tos[0])
if alias:
"total number email log on %s, %s is %s, %s",
EmailLog.query.filter(EmailLog.alias_id ==,
EmailLog.query.filter(EmailLog.user_id == alias.user_id).count(),
if should_ignore_bounce(envelope.mail_from): if should_ignore_bounce(envelope.mail_from):
return status.E207 return status.E207
else: else:
@ -1821,6 +1980,9 @@ class MailHandler:
newrelic.agent.record_custom_metric( newrelic.agent.record_custom_metric(
"Custom/email_handler_time", elapsed, newrelic_app "Custom/email_handler_time", elapsed, newrelic_app
) )
"Custom/number_incoming_email", 1, newrelic_app
return ret return ret

View file

@ -74,14 +74,8 @@ EMAIL_SERVERS_WITH_PRIORITY=[(10, "email.hostname.")]
# the DKIM private key used to compute DKIM-Signature # the DKIM private key used to compute DKIM-Signature
# DKIM_PRIVATE_KEY_PATH=local_data/dkim.key # DKIM_PRIVATE_KEY_PATH=local_data/dkim.key
# delete and recreate the sqlite database, for local development
# DB Connection # DB Connection
# Local SQLite database DB_URI=postgresql://myuser:mypassword@localhost:35432/simplelogin
# Postgres
# DB_URI=postgresql://myuser:mypassword@sl-db:5432/simplelogin
@ -178,3 +172,9 @@ DISABLE_ONBOARDING=true
# NewRelic Config File Path # NewRelic Config File Path
# NEWRELIC_CONFIG_PATH = /path/newrelic.ini # NEWRELIC_CONFIG_PATH = /path/newrelic.ini
# TEMP_DIR = /tmp

View file

@ -15,9 +15,7 @@ def load_pgp_public_keys():
# sanity check # sanity check
if fingerprint != mailbox.pgp_finger_print: if fingerprint != mailbox.pgp_finger_print:
LOG.exception( LOG.e("fingerprint %s different for mailbox %s", fingerprint, mailbox)
"fingerprint %s different for mailbox %s", fingerprint, mailbox
mailbox.pgp_finger_print = fingerprint mailbox.pgp_finger_print = fingerprint
db.session.commit() db.session.commit()
@ -27,9 +25,7 @@ def load_pgp_public_keys():
# sanity check # sanity check
if fingerprint != contact.pgp_finger_print: if fingerprint != contact.pgp_finger_print:
LOG.exception( LOG.e("fingerprint %s different for contact %s", fingerprint, contact)
"fingerprint %s different for contact %s", fingerprint, contact
contact.pgp_finger_print = fingerprint contact.pgp_finger_print = fingerprint
db.session.commit() db.session.commit()
@ -42,14 +38,14 @@ def add_sl_domains():
if SLDomain.get_by(domain=alias_domain): if SLDomain.get_by(domain=alias_domain):
LOG.d("%s is already a SL domain", alias_domain) LOG.d("%s is already a SL domain", alias_domain)
else: else:"Add %s to SL domain", alias_domain) LOG.i("Add %s to SL domain", alias_domain)
SLDomain.create(domain=alias_domain) SLDomain.create(domain=alias_domain)
for premium_domain in PREMIUM_ALIAS_DOMAINS: for premium_domain in PREMIUM_ALIAS_DOMAINS:
if SLDomain.get_by(domain=premium_domain): if SLDomain.get_by(domain=premium_domain):
LOG.d("%s is already a SL domain", premium_domain) LOG.d("%s is already a SL domain", premium_domain)
else: else:"Add %s to SL domain", premium_domain) LOG.i("Add %s to SL domain", premium_domain)
SLDomain.create(domain=premium_domain, premium_only=True) SLDomain.create(domain=premium_domain, premium_only=True)
db.session.commit() db.session.commit()

@ -159,7 +159,7 @@ if __name__ == "__main__":
continue continue
user_email = user_email =
LOG.warning("Delete user %s", user) LOG.w("Delete user %s", user)
User.delete( User.delete(
db.session.commit() db.session.commit()
@ -170,6 +170,6 @@ if __name__ == "__main__":
render("transactional/account-delete.html"), render("transactional/account-delete.html"),
) )
else: else:
LOG.exception("Unknown job name %s", LOG.e("Unknown job name %s",
time.sleep(10) time.sleep(10)

@ -0,0 +1,29 @@
"""empty message
Revision ID: 916a5257d18c
Revises: 424808e1fe49
Create Date: 2021-09-07 15:35:35.430202
import sqlalchemy_utils
from alembic import op
import sqlalchemy as sa
# revision identifiers, used by Alembic.
revision = '916a5257d18c'
down_revision = '424808e1fe49'
branch_labels = None
depends_on = None
def upgrade():
# ### commands auto generated by Alembic - please adjust! ###
op.add_column('coupon', sa.Column('is_giveaway', sa.Boolean(), server_default='0', nullable=False))
# ### end Alembic commands ###
def downgrade():
# ### commands auto generated by Alembic - please adjust! ###
op.drop_column('coupon', 'is_giveaway')
# ### end Alembic commands ###

@ -0,0 +1,29 @@
"""empty message
Revision ID: d8c55e79da54
Revises: 4d3f91ddf3e9
Create Date: 2021-09-17 16:30:23.299011
import sqlalchemy_utils
from alembic import op
import sqlalchemy as sa
# revision identifiers, used by Alembic.
revision = 'd8c55e79da54'
down_revision = '4d3f91ddf3e9'
branch_labels = None
depends_on = None
def upgrade():
# ### commands auto generated by Alembic - please adjust! ###
op.add_column('custom_domain', sa.Column('auto_create_regex', sa.String(length=512), nullable=True))
# ### end Alembic commands ###
def downgrade():
# ### commands auto generated by Alembic - please adjust! ###
op.drop_column('custom_domain', 'auto_create_regex')
# ### end Alembic commands ###

@ -0,0 +1,33 @@
"""empty message
Revision ID: b8b4f9598240
Revises: bc75acacc98e
Create Date: 2021-09-21 11:22:24.285286
import sqlalchemy_utils
from alembic import op
import sqlalchemy as sa
# revision identifiers, used by Alembic.
revision = 'b8b4f9598240'
down_revision = 'bc75acacc98e'
branch_labels = None
depends_on = None
def upgrade():
# ### commands auto generated by Alembic - please adjust! ###
op.alter_column('api_key', 'name',
# ### end Alembic commands ###
def downgrade():
# ### commands auto generated by Alembic - please adjust! ###
op.alter_column('api_key', 'name',
# ### end Alembic commands ###

@ -43,7 +43,7 @@ def get_stats():
# reset # reset
_nb_failed = 0 _nb_failed = 0
LOG.exception( LOG.e(
"Too many emails in incoming & active queue %s %s", "Too many emails in incoming & active queue %s %s",
incoming_queue, incoming_queue,
active_queue, active_queue,

View file

@ -1,16 +0,0 @@
# Generate a new migration script using Docker
# To run it:
# sh
# create a postgres database for SimpleLogin
docker rm -f sl-db
docker run -p 15432:5432 --name sl-db -e POSTGRES_PASSWORD=postgres -e POSTGRES_DB=sl -d postgres
# run run `flask db upgrade` to upgrade the DB to the latest stage and
env DB_URI=postgresql://postgres:postgres@ flask db upgrade
# finally `flask db migrate` to generate the migration script.
env DB_URI=postgresql://postgres:postgres@ flask db migrate
# remove the db
docker rm -f sl-db

@ -18,14 +18,16 @@ speedups = ["aiodns", "brotlipy", "cchardet"]
[[package]] [[package]]
name = "aiosmtpd" name = "aiosmtpd"
version = "1.2" version = "1.4.2"
description = "aiosmtpd - asyncio based SMTP server" description = "aiosmtpd - asyncio based SMTP server"
category = "main" category = "main"
optional = false optional = false
python-versions = "*" python-versions = "~=3.6"
[package.dependencies] [package.dependencies]
atpublic = "*" atpublic = "*"
attrs = "*"
typing-extensions = {version = "*", markers = "python_version < \"3.8\""}
[[package]] [[package]]
name = "aiosmtplib" name = "aiosmtplib"
@ -396,11 +398,11 @@ trio = ["trio (>=0.14.0)", "sniffio (>=1.1)"]
[[package]] [[package]]
name = "email-validator" name = "email-validator"
version = "1.1.1" version = "1.1.3"
description = "A robust email syntax and deliverability validation library for Python 2.x/3.x." description = "A robust email syntax and deliverability validation library for Python 2.x/3.x."
category = "main" category = "main"
optional = false optional = false
python-versions = "*" python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,>=2.7"
[package.dependencies] [package.dependencies]
dnspython = ">=1.15.0" dnspython = ">=1.15.0"
@ -421,7 +423,7 @@ requests = "*"
name = "filelock" name = "filelock"
version = "3.0.12" version = "3.0.12"
description = "A platform independent file lock." description = "A platform independent file lock."
category = "main" category = "dev"
optional = false optional = false
python-versions = "*" python-versions = "*"
@ -439,6 +441,30 @@ mccabe = ">=0.6.0,<0.7.0"
pycodestyle = ">=2.6.0a1,<2.7.0" pycodestyle = ">=2.6.0a1,<2.7.0"
pyflakes = ">=2.2.0,<2.3.0" pyflakes = ">=2.2.0,<2.3.0"
name = "flanker"
version = "0.9.11"
description = "Mailgun Parsing Tools"
category = "main"
optional = false
python-versions = "*"
attrs = "*"
chardet = ">=1.0.1"
cryptography = ">=0.5"
idna = ">=2.5"
ply = ">=3.10"
regex = ">=0.1.20110315"
six = "*"
tld = "*"
WebOb = ">=0.9.8"
cchardet = ["cchardet (>=0.3.5)"]
validator = ["dnsq (>=1.1.6)", "redis (>=2.7.1)"]
[[package]] [[package]]
name = "flask" name = "flask"
version = "1.1.2" version = "1.1.2"
@ -563,7 +589,7 @@ simplejson = "*"
[[package]] [[package]]
name = "flask-sqlalchemy" name = "flask-sqlalchemy"
version = "2.4.4" version = "2.5.1"
description = "Adds SQLAlchemy support to your Flask application." description = "Adds SQLAlchemy support to your Flask application."
category = "main" category = "main"
optional = false optional = false
@ -1058,6 +1084,14 @@ importlib-metadata = {version = ">=0.12", markers = "python_version < \"3.8\""}
[package.extras] [package.extras]
dev = ["pre-commit", "tox"] dev = ["pre-commit", "tox"]
[[package]] [[package]]
name = "pre-commit" name = "pre-commit"
version = "2.7.1" version = "2.7.1"
@ -1132,19 +1166,6 @@ category = "dev"
optional = false optional = false
python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*"
name = "py3-validate-email"
version = "0.2.10"
description = "Email validator with regex, blacklisted domains and SMTP checking."
category = "main"
optional = false
python-versions = "*"
dnspython = ">=2.0,<3.0"
filelock = ">=3.0,<4.0"
idna = ">=2.10,<3.0"
[[package]] [[package]]
name = "pyasn1" name = "pyasn1"
version = "0.4.8" version = "0.4.8"
@ -1236,6 +1257,18 @@ category = "dev"
optional = false optional = false
python-versions = ">=2.6, !=3.0.*, !=3.1.*, !=3.2.*" python-versions = ">=2.6, !=3.0.*, !=3.1.*, !=3.2.*"
name = "pyre2"
version = "0.3.6"
description = "Python wrapper for Google\\'s RE2 using Cython"
category = "main"
optional = false
python-versions = ">=3.6"
perf = ["regex"]
test = ["pytest"]
[[package]] [[package]]
name = "pyreadline" name = "pyreadline"
version = "2.1" version = "2.1"
@ -1348,7 +1381,7 @@ python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*"
name = "regex" name = "regex"
version = "2020.9.27" version = "2020.9.27"
description = "Alternative regular expression module, to replace re." description = "Alternative regular expression module, to replace re."
category = "dev" category = "main"
optional = false optional = false
python-versions = "*" python-versions = "*"
@ -1533,6 +1566,14 @@ python-versions = "*"
python-dateutil = ">=2.6.0" python-dateutil = ">=2.6.0"
"ruamel.yaml" = ">=0.14.2" "ruamel.yaml" = ">=0.14.2"
[[package]] [[package]]
name = "toml" name = "toml"
version = "0.10.1" version = "0.10.1"
@ -1653,6 +1694,18 @@ future = ">=0.17.1"
pyOpenSSL = ">=16.0.0" pyOpenSSL = ">=16.0.0"
six = ">=1.11.0" six = ">=1.11.0"
[[package]] [[package]]
name = "werkzeug" name = "werkzeug"
version = "1.0.1" version = "1.0.1"
@ -1751,7 +1804,7 @@ testing = ["coverage (>=5.0.3)", "zope.event", "zope.testing"]
[metadata] [metadata]
lock-version = "1.1" lock-version = "1.1"
python-versions = "^3.7" python-versions = "^3.7"
