initial implementation of sendmail

4 files changed, 44 insertions, 35 deletions

diff --git a/src/jwebmail/__init__.py b/src/jwebmail/__init__.py
index 58bc8d5..88309ff 100644
--- a/src/jwebmail/__init__.py
+++ b/src/jwebmail/__init__.py
@@ -7,6 +7,7 @@ from babel import parse_locale
 from flask import Flask, abort, g, redirect, url_for
 from flask_babel import Babel, get_locale
 from flask_login import LoginManager, login_required
+from flask_wtf.csrf import CSRFProtect
 from jinja2 import ChainableUndefined
 from werkzeug.middleware.proxy_fix import ProxyFix
 
@@ -34,7 +35,9 @@ else:
 
     toml_read_file = dict(load=toml_load, text=True)
 
-__version__ = "2.2.1.dev1"
+__version__ = "2.2.1.dev2"
+
+csrf = CSRFProtect()
 
 
 def validate_config(app):
@@ -67,6 +70,8 @@ def create_app():
 
     validate_config(app)
 
+    csrf.init_app(app)
+
     babel = Babel(app, locale_selector=lambda: g.get("lang_code"))
 
     app.cli.add_command(compile_css_command)
diff --git a/src/jwebmail/read_mails.py b/src/jwebmail/read_mails.py
index 915567c..2d2b26c 100644
--- a/src/jwebmail/read_mails.py
+++ b/src/jwebmail/read_mails.py
@@ -42,14 +42,14 @@ def add_user(user: JWebmailUser):
 
 
 def load_user(username: str) -> JWebmailUser:
-    passwd = current_app.config["JWEBMAIL"]["READ_MAILS"]["SESSION_STORE_PASSWD"]
+    ss_password = current_app.config["JWEBMAIL"]["READ_MAILS"]["SESSION_STORE_PASSWD"]
     r = redis.Redis(
         host="localhost",
         port=6379,
         decode_responses=True,
         protocol=3,
         username="jwebmail",
-        password=passwd,
+        password=ss_password,
     )
     passwd = r.getex(f"jwm:user:{username}", EXPIRATION_SEC)
     if passwd is None:
@@ -61,19 +61,6 @@ def get_read_mails_logged_in():
     if "read_mails" in g:
         return g.read_mails
 
-    passwd = current_app.config["JWEBMAIL"]["READ_MAILS"]["SESSION_STORE_PASSWD"]
-    r = redis.Redis(
-        host="localhost",
-        port=6379,
-        decode_responses=True,
-        protocol=3,
-        username="jwebmail",
-        password=passwd,
-    )
-    passwd = r.get(f"jwm:user:{current_user.get_id()}")
-    if passwd is None:
-        raise KeyError(current_user.get_id())
-
-    qma = build_qma(current_user.get_id(), passwd)
+    qma = build_qma(current_user.get_id(), current_user.password)
     g.read_mails = qma
     return qma
diff --git a/src/jwebmail/templates/writemail.html b/src/jwebmail/templates/writemail.html
index 31adff1..a945081 100644
--- a/src/jwebmail/templates/writemail.html
+++ b/src/jwebmail/templates/writemail.html
@@ -9,7 +9,7 @@
       <p class=message> {{ warning }} </p>
     {% endif %}
 
-    <form method="post" enctype="multipart/form-data">
+    <form method=post enctype="multipart/form-data">
 
       <div class=field>
         {{ form.send_to.label(class='label') }}
@@ -57,7 +57,7 @@
         <div class=file>
           <label class=file-label>
             {{ form.attachments(class='file-input') }}
-            <span class="file-cta">
+            <span class=file-cta>
               <span class=file-label>
                 {% trans %}attach file{% endtrans %}
               </span>
@@ -66,6 +66,8 @@
         </div>
       </div>
 
+      {{ form.csrf_token }}
+
       <div class=field>
         <div class=control>
           <input type=submit class=button value="{{ gettext('Send') }}">
@@ -75,7 +77,7 @@
     </form>
 
     <nav>
-      <a href="javascript:history.back()" class="button">{% trans %}back{% endtrans %}</a>
+      <a href="javascript:history.back()" class=button>{% trans %}back{% endtrans %}</a>
     </nav>
 
   </div>
diff --git a/src/jwebmail/webmail.py b/src/jwebmail/webmail.py
index af60774..7e63307 100644
--- a/src/jwebmail/webmail.py
+++ b/src/jwebmail/webmail.py
@@ -1,4 +1,12 @@
 from urllib.parse import urlparse
+from smtplib import (
+    SMTP_SSL,
+    SMTPHeloError,
+    SMTPAuthenticationError,
+    SMTPNotSupportedError,
+    SMTPException,
+)
+from email.message import EmailMessage
 
 from flask import abort, current_app, flash, redirect, render_template, request, url_for
 from flask_babel import gettext, lazy_gettext
@@ -200,21 +208,28 @@ def sendmail():
     if not form.validate():
         abort(400)
 
-    mail = {
-        "to": form.to.data,
-        "message": form.content.data,
-        "subject": form.subject.data,
-        "cc": form.cc.data,
-        "bcc": form.bcc.data,
-        "reply": form.answer_to.data,
-        "attach": form.attachments.data,
-        "from": "",
-    }
-
-    error = send_mail(mail)
-
-    if error:
-        return render_template("writemail.html", warning=gettext("error_send")), 400
+    # mail = { "attach": form.attachments.data }
+    mail = EmailMessage()
+    mail["to"] = form.answer_to.data
+    mail["subject"] = form.subject.data
+    mail["cc"] = form.cc.data
+    mail["bcc"] = form.bcc.data
+    mail["reply"] = form.answer_to.data
+    mail.set_content(form.content.data)
+
+    try:
+        with SMTP_SSL(
+            current_app.config["JWEBMAIL"]["WRITE_MAILS"]["SMTPS_SERVER"]
+        ) as smtp:
+            smtp.login(current_user.id, current_user.password)
+            smtp.send_message(mail)
+    except (
+        SMTPHeloError,
+        SMTPAuthenticationError,
+        SMTPNotSupportedError,
+        SMTPException,
+    ):
+        return render_template("writemail.html", form=form, warning=gettext("error_send")), 400
 
     flash(gettext("succ_send"))
     return redirect(url_for("displayheaders"), 303)