Diffstat (limited to 'src')
-rw-r--r-- | src/jwebmail/__init__.py | 7 | ||||
-rw-r--r-- | src/jwebmail/read_mails.py | 19 | ||||
-rw-r--r-- | src/jwebmail/templates/writemail.html | 8 | ||||
-rw-r--r-- | src/jwebmail/webmail.py | 45 |
4 files changed, 44 insertions, 35 deletions
diff --git a/src/jwebmail/__init__.py b/src/jwebmail/__init__.py
index 58bc8d5..88309ff 100644
--- a/src/jwebmail/__init__.py
+++ b/src/jwebmail/__init__.py
@@ -7,6 +7,7 @@ from babel import parse_locale
 from flask import Flask, abort, g, redirect, url_for
 from flask_babel import Babel, get_locale
 from flask_login import LoginManager, login_required
+from flask_wtf.csrf import CSRFProtect
 from jinja2 import ChainableUndefined
 from werkzeug.middleware.proxy_fix import ProxyFix
@@ -34,7 +35,9 @@ else:
 toml_read_file = dict(load=toml_load, text=True)
-__version__ = "2.2.1.dev1"
+__version__ = "2.2.1.dev2"
+
+csrf = CSRFProtect()
 def validate_config(app):
@@ -67,6 +70,8 @@ def create_app():
 validate_config(app)
+ csrf.init_app(app)
+
 babel = Babel(app, locale_selector=lambda: g.get("lang_code"))
 app.cli.add_command(compile_css_command)
diff --git a/src/jwebmail/read_mails.py b/src/jwebmail/read_mails.py
index 915567c..2d2b26c 100644
--- a/src/jwebmail/read_mails.py
+++ b/src/jwebmail/read_mails.py
@@ -42,14 +42,14 @@ def add_user(user: JWebmailUser):
 def load_user(username: str) -> JWebmailUser:
- passwd = current_app.config["JWEBMAIL"]["READ_MAILS"]["SESSION_STORE_PASSWD"]
+ ss_password = current_app.config["JWEBMAIL"]["READ_MAILS"]["SESSION_STORE_PASSWD"]
 r = redis.Redis(
 host="localhost",
 port=6379,
 decode_responses=True,
 protocol=3,
 username="jwebmail",
- password=passwd,
+ password=ss_password,
 )
 passwd = r.getex(f"jwm:user:{username}", EXPIRATION_SEC)
 if passwd is None:
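Review bot: `csrf.init_app(app)` in `create_app` (src/jwebmail/__init__.py) switches on token checks for every state-changing request in the application, yet the diffstat for `src` shows only writemail.html gaining `{{ form.csrf_token }}`. Any other template that posts a form without rendering the token would start returning 400 after this commit, so each remaining POST form should be checked for the token field. Flask-WTF signs the token with the application secret key, and whether `validate_config` rejects a missing or placeholder key is not visible in this hunk. A comment above the call such as `# CSRFProtect signs tokens with SECRET_KEY; validate_config must reject a missing key` would record that dependency. `create_app` starts and ends outside the hunk.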
@@ -61,19 +61,6 @@ def get_read_mails_logged_in():
 if "read_mails" in g:
 return g.read_mails
- passwd = current_app.config["JWEBMAIL"]["READ_MAILS"]["SESSION_STORE_PASSWD"]
- r = redis.Redis(
- host="localhost",
- port=6379,
- decode_responses=True,
- protocol=3,
- username="jwebmail",
- password=passwd,
- )
- passwd = r.get(f"jwm:user:{current_user.get_id()}")
- if passwd is None:
- raise KeyError(current_user.get_id())
-
- qma = build_qma(current_user.get_id(), passwd)
+ qma = build_qma(current_user.get_id(), current_user.password)
 g.read_mails = qma
 return qma
diff --git a/src/jwebmail/templates/writemail.html b/src/jwebmail/templates/writemail.html
index 31adff1..a945081 100644
--- a/src/jwebmail/templates/writemail.html
+++ b/src/jwebmail/templates/writemail.html
@@ -9,7 +9,7 @@
 <p class=message> {{ warning }} </p>
 {% endif %}
- <form method="post" enctype="multipart/form-data">
+ <form method=post enctype="multipart/form-data">
 <div class=field>
 {{ form.send_to.label(class='label') }}
@@ -57,7 +57,7 @@
 <div class=file>
 <label class=file-label>
 {{ form.attachments(class='file-input') }}
- <span class="file-cta">
+ <span class=file-cta>
 <span class=file-label>
 {% trans %}attach file{% endtrans %}
 </span>
@@ -66,6 +66,8 @@
 </div>
 </div>
+ {{ form.csrf_token }}
+
 <div class=field>
 <div class=control>
 <input type=submit class=button value="{{ gettext('Send') }}">
@@ -75,7 +77,7 @@
 </form>
 <nav>
- <a href="javascript:history.back()" class="button">{% trans %}back{% endtrans %}</a>
+ <a href="javascript:history.back()" class=button>{% trans %}back{% endtrans %}</a>
 </nav>
 </div>
diff --git a/src/jwebmail/webmail.py b/src/jwebmail/webmail.py
index af60774..7e63307 100644
--- a/src/jwebmail/webmail.py
+++ b/src/jwebmail/webmail.py
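Review bot: `build_qma(current_user.get_id(), current_user.password)` in `get_read_mails_logged_in` assumes the current user object always carries a `password` attribute, where the removed lines fetched the secret themselves and raised `KeyError` when the session-store entry was gone. If the helper is ever reached without an authenticated user, the failure would presumably become an `AttributeError` that callers written against the old contract do not handle; a guard such as `if not current_user.is_authenticated: raise KeyError(current_user.get_id())` would keep the previous behaviour. The function also deserves a one-line docstring stating that it must only run after flask-login has loaded the user through `load_user`. Because the mailbox password now travels on the user object for the whole request, that attribute should stay out of any `__repr__`, template context and log output.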
@@ -1,4 +1,12 @@
 from urllib.parse import urlparse
+from smtplib import (
+ SMTP_SSL,
+ SMTPHeloError,
+ SMTPAuthenticationError,
+ SMTPNotSupportedError,
+ SMTPException,
+)
+from email.message import EmailMessage
 from flask import abort, current_app, flash, redirect, render_template, request, url_for
 from flask_babel import gettext, lazy_gettext
@@ -200,21 +208,28 @@ def sendmail():
 if not form.validate():
 abort(400)
- mail = {
- "to": form.to.data,
- "message": form.content.data,
- "subject": form.subject.data,
- "cc": form.cc.data,
- "bcc": form.bcc.data,
- "reply": form.answer_to.data,
- "attach": form.attachments.data,
- "from": "",
- }
-
- error = send_mail(mail)
-
- if error:
- return render_template("writemail.html", warning=gettext("error_send")), 400
+ # mail = { "attach": form.attachments.data }
+ mail = EmailMessage()
+ mail["to"] = form.answer_to.data
+ mail["subject"] = form.subject.data
+ mail["cc"] = form.cc.data
+ mail["bcc"] = form.bcc.data
+ mail["reply"] = form.answer_to.data
+ mail.set_content(form.content.data)
+
+ try:
+ with SMTP_SSL(
+ current_app.config["JWEBMAIL"]["WRITE_MAILS"]["SMTPS_SERVER"]
+ ) as smtp:
+ smtp.login(current_user.id, current_user.password)
+ smtp.send_message(mail)
+ except (
+ SMTPHeloError,
+ SMTPAuthenticationError,
+ SMTPNotSupportedError,
+ SMTPException,
+ ):
+ return render_template("writemail.html", form=form, warning=gettext("error_send")), 400
 flash(gettext("succ_send"))
 return redirect(url_for("displayheaders"), 303)
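Review bot: `mail["to"] = form.answer_to.data` in `sendmail` addresses the message to the reply address rather than the recipient the user entered; the removed code read `form.to.data`, so the line should be `mail["To"] = form.to.data` (or whichever field the form class defines for the recipient, since the template renders `form.send_to`). `mail["reply"]` is not a header that mail clients act on, and the standard name is `mail["Reply-To"] = form.answer_to.data`. The `except` tuple lists three subclasses next to their base `SMTPException`, while a connection or TLS failure raised as `OSError` by `SMTP_SSL(...)` is not caught and would surface as a 500; `except (SMTPException, OSError):` covers both. Attachments are no longer added to the message although the template still offers the upload field, and no `From` header is set, so both should either be restored or documented in a comment. `sendmail` begins above the hunk.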