Diffstat (limited to 'src/jwebmail')
-rw-r--r--src/jwebmail/__init__.py7
-rw-r--r--src/jwebmail/read_mails.py19
-rw-r--r--src/jwebmail/templates/writemail.html8
-rw-r--r--src/jwebmail/webmail.py45
4 files changed, 44 insertions, 35 deletions
diff --git a/src/jwebmail/__init__.py b/src/jwebmail/__init__.py
index 58bc8d5..88309ff 100644
--- a/src/jwebmail/__init__.py
+++ b/src/jwebmail/__init__.py
@@ -7,6 +7,7 @@ from babel import parse_locale
from flask import Flask, abort, g, redirect, url_for
from flask_babel import Babel, get_locale
from flask_login import LoginManager, login_required
+from flask_wtf.csrf import CSRFProtect
from jinja2 import ChainableUndefined
from werkzeug.middleware.proxy_fix import ProxyFix
@@ -34,7 +35,9 @@ else:
toml_read_file = dict(load=toml_load, text=True)
-__version__ = "2.2.1.dev1"
+__version__ = "2.2.1.dev2"
+
+csrf = CSRFProtect()
def validate_config(app):
@@ -67,6 +70,8 @@ def create_app():
validate_config(app)
+ csrf.init_app(app)
+
babel = Babel(app, locale_selector=lambda: g.get("lang_code"))
app.cli.add_command(compile_css_command)
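Review bot: `csrf.init_app(app)` in `create_app` turns on token checking for every state-changing view, but `writemail.html` is the only template that receives a token in this commit. Any other POST form outside this diff (login, logout, message actions, if they exist) will be rejected with a 400 unless its template renders `{{ form.csrf_token }}` or a `csrf_token()` hidden input. CSRFProtect also depends on `SECRET_KEY`; `validate_config` is not visible here, so it is worth confirming that it refuses to start when the key is missing or left at a default value. create_app's body continues outside the hunk.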
diff --git a/src/jwebmail/read_mails.py b/src/jwebmail/read_mails.py
index 915567c..2d2b26c 100644
--- a/src/jwebmail/read_mails.py
+++ b/src/jwebmail/read_mails.py
@@ -42,14 +42,14 @@ def add_user(user: JWebmailUser):
def load_user(username: str) -> JWebmailUser:
- passwd = current_app.config["JWEBMAIL"]["READ_MAILS"]["SESSION_STORE_PASSWD"]
+ ss_password = current_app.config["JWEBMAIL"]["READ_MAILS"]["SESSION_STORE_PASSWD"]
r = redis.Redis(
host="localhost",
port=6379,
decode_responses=True,
protocol=3,
username="jwebmail",
- password=passwd,
+ password=ss_password,
)
passwd = r.getex(f"jwm:user:{username}", EXPIRATION_SEC)
if passwd is None:
@@ -61,19 +61,6 @@ def get_read_mails_logged_in():
if "read_mails" in g:
return g.read_mails
- passwd = current_app.config["JWEBMAIL"]["READ_MAILS"]["SESSION_STORE_PASSWD"]
- r = redis.Redis(
- host="localhost",
- port=6379,
- decode_responses=True,
- protocol=3,
- username="jwebmail",
- password=passwd,
- )
- passwd = r.get(f"jwm:user:{current_user.get_id()}")
- if passwd is None:
- raise KeyError(current_user.get_id())
-
- qma = build_qma(current_user.get_id(), passwd)
+ qma = build_qma(current_user.get_id(), current_user.password)
g.read_mails = qma
return qma
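Review bot: `current_user.password` in `get_read_mails_logged_in` assumes the proxy always resolves to a `JWebmailUser`. When the session-store entry has expired or the caller is anonymous, the removed path raised `KeyError(current_user.get_id())`, while the new one would presumably fail with an `AttributeError`, depending on what `load_user` does in the part cut off above. Since the mailbox password now lives on the user object for the whole request, I would document that on the attribute, e.g. `# plaintext mailbox password: keep out of logs, __repr__ and templates`. The function starts outside the hunk.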
diff --git a/src/jwebmail/templates/writemail.html b/src/jwebmail/templates/writemail.html
index 31adff1..a945081 100644
--- a/src/jwebmail/templates/writemail.html
+++ b/src/jwebmail/templates/writemail.html
@@ -9,7 +9,7 @@
<p class=message> {{ warning }} </p>
{% endif %}
- <form method="post" enctype="multipart/form-data">
+ <form method=post enctype="multipart/form-data">
<div class=field>
{{ form.send_to.label(class='label') }}
@@ -57,7 +57,7 @@
<div class=file>
<label class=file-label>
{{ form.attachments(class='file-input') }}
- <span class="file-cta">
+ <span class=file-cta>
<span class=file-label>
{% trans %}attach file{% endtrans %}
</span>
@@ -66,6 +66,8 @@
</div>
</div>
+ {{ form.csrf_token }}
+
<div class=field>
<div class=control>
<input type=submit class=button value="{{ gettext('Send') }}">
@@ -75,7 +77,7 @@
</form>
<nav>
- <a href="javascript:history.back()" class="button">{% trans %}back{% endtrans %}</a>
+ <a href="javascript:history.back()" class=button>{% trans %}back{% endtrans %}</a>
</nav>
</div>
diff --git a/src/jwebmail/webmail.py b/src/jwebmail/webmail.py
index af60774..7e63307 100644
--- a/src/jwebmail/webmail.py
+++ b/src/jwebmail/webmail.py
@@ -1,4 +1,12 @@
from urllib.parse import urlparse
+from smtplib import (
+ SMTP_SSL,
+ SMTPHeloError,
+ SMTPAuthenticationError,
+ SMTPNotSupportedError,
+ SMTPException,
+)
+from email.message import EmailMessage
from flask import abort, current_app, flash, redirect, render_template, request, url_for
from flask_babel import gettext, lazy_gettext
@@ -200,21 +208,28 @@ def sendmail():
if not form.validate():
abort(400)
- mail = {
- "to": form.to.data,
- "message": form.content.data,
- "subject": form.subject.data,
- "cc": form.cc.data,
- "bcc": form.bcc.data,
- "reply": form.answer_to.data,
- "attach": form.attachments.data,
- "from": "",
- }
-
- error = send_mail(mail)
-
- if error:
- return render_template("writemail.html", warning=gettext("error_send")), 400
+ # mail = { "attach": form.attachments.data }
+ mail = EmailMessage()
+ mail["to"] = form.answer_to.data
+ mail["subject"] = form.subject.data
+ mail["cc"] = form.cc.data
+ mail["bcc"] = form.bcc.data
+ mail["reply"] = form.answer_to.data
+ mail.set_content(form.content.data)
+
+ try:
+ with SMTP_SSL(
+ current_app.config["JWEBMAIL"]["WRITE_MAILS"]["SMTPS_SERVER"]
+ ) as smtp:
+ smtp.login(current_user.id, current_user.password)
+ smtp.send_message(mail)
+ except (
+ SMTPHeloError,
+ SMTPAuthenticationError,
+ SMTPNotSupportedError,
+ SMTPException,
+ ):
+ return render_template("writemail.html", form=form, warning=gettext("error_send")), 400
flash(gettext("succ_send"))
return redirect(url_for("displayheaders"), 303)
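Review bot: `mail["to"] = form.answer_to.data` addresses the message to the reply address instead of the recipient field the removed dict used (`form.to.data`; the template calls it `send_to`, so confirm the name), and `reply` is not a header mail clients honour, it should be `Reply-To`. `SMTP_SSL(...)` is called without `context=`, in which case smtplib does not verify the server certificate, so `current_user.password` is sent to whichever host answers; pass `context=ssl.create_default_context()` (needs `import ssl`). The `except` tuple reduces to `SMTPException` because the other three are subclasses of it, and it misses `OSError` from a failed connection and the `ValueError` that `EmailMessage` raises for a header value containing CR or LF, so those surface as a 500. No `From` header is set and uploaded attachments are dropped without telling the user; both are worth handling before release.

```python
mail = EmailMessage()
mail["To"] = form.to.data  # recipient field as in the removed dict; confirm the form's field name
mail["Reply-To"] = form.answer_to.data
# … unchanged: subject, cc, bcc, set_content …

try:
    with SMTP_SSL(
        current_app.config["JWEBMAIL"]["WRITE_MAILS"]["SMTPS_SERVER"],
        context=ssl.create_default_context(),  # verify certificate and hostname before login
    ) as smtp:
        # … unchanged: login and send_message …
except (SMTPException, OSError):
    # … unchanged: re-render writemail.html with the warning and 400 …
```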