0001-emails-restrict-domains-for-default_from_email-72173.patch

Thomas Noël, 16 décembre 2022 12:15

Voir les différences: en ligne côte à côte

Subject: [PATCH] emails: restrict domains for default_from_email (#72173)

 hobo/emails/forms.py      |  3 ++-
 hobo/emails/validators.py | 18 +++++++++++++
 hobo/settings.py          |  4 +++
 tests/test_emails.py      | 57 +++++++++++++++++++++++++++++++++++++--
 4 files changed, 79 insertions(+), 3 deletions(-)

     from django.core.validators import validate_email
     from django.utils.translation import ugettext_lazy as _
     from hobo.emails.validators import validate_email_address, validate_email_spf
     from hobo.emails.validators import validate_email_address, validate_email_spf, validate_email_domain
     class ValidEmailField(forms.EmailField):
         def validate(self, value):
             validate_email(value)
             validate_email_domain(value)
             validate_email_address(value)
             validate_email_spf(value)

     import smtplib
     import socket
     import urllib.parse
     import dns.resolver
     from django.conf import settings
-...
                 if allowed_record in spf_record:
                     return
         raise ValidationError(_('No suitable SPF record found for %s') % email_domain)
     def validate_email_domain(value):
         domain = value.split('@')[-1].strip().strip('.')
         domains = settings.EMAIL_FROM_ALLOWED_DOMAINS
         if '*' in domains or domain in domains:
             return
         known_services = getattr(settings, 'KNOWN_SERVICES', {})
         for app in known_services.values():
             for instance in app.values():
                 url = instance.get('url')
                 if not url:
                     continue
                 fqdn = urllib.parse.urlparse(url).netloc.split(':')[0]
                 if fqdn == domain or fqdn == 'www.' + domain:
                     return
         raise ValidationError(_('Domain %s is not allowed') % domain)

     HOBO_VALIDATE_EMAIL_WITH_SMTP = True
     ALLOWED_SPF_RECORDS = []
     # EMAIL_FROM_ALLOWED_DOMAINS: list of allowed domains for default_from_email.
     # Use ['*'] to allow all domains.
     # Note: all KNOWN_SERVICES url domains are always allowed
     EMAIL_FROM_ALLOWED_DOMAINS = []
     # Application definition

         assert 'Enter a valid email address' in force_text(response.content)
     def test_unkown_address(client, admin_user, dns_resolver, smtp_server):
     def test_unkown_address(client, admin_user, dns_resolver, smtp_server, settings):
         settings.EMAIL_FROM_ALLOWED_DOMAINS = ['*']
         client.post('/login/', {'username': 'admin', 'password': 'password'})
         response = client.post('/emails/', {'default_from_email': 'john.doe@unknown.com'})
         assert response.status_code == 200
         assert 'Email address not found' in force_text(response.content)
     def test_kown_address_nospf(client, admin_user, dns_resolver, smtp_server):
     def test_kown_address_nospf(client, admin_user, dns_resolver, smtp_server, settings):
         settings.EMAIL_FROM_ALLOWED_DOMAINS = ['*']
         client.post('/login/', {'username': 'admin', 'password': 'password'})
         response = client.post('/emails/', {'default_from_email': 'john.doe@example.com'}, follow=True)
         assert response.status_code == 200
-...
     def test_spf_allow_all_mail(client, admin_user, dns_resolver, smtp_server, settings):
         settings.EMAIL_FROM_ALLOWED_DOMAINS = ['*']
         client.post('/login/', {'username': 'admin', 'password': 'password'})
         response = client.post(
             '/emails/', {'default_from_email': 'john.doe@example-spf-allow-all.com'}, follow=True
-...
     def test_invalid_spf(client, admin_user, dns_resolver, smtp_server, settings):
         settings.EMAIL_FROM_ALLOWED_DOMAINS = ['*']
         settings.ALLOWED_SPF_RECORDS = ['include:example.com']
         client.post('/login/', {'username': 'admin', 'password': 'password'})
         response = client.post('/emails/', {'default_from_email': 'john.doe@example-invalid-spf.com'})
-...
     def test_strict_nospf(client, admin_user, dns_resolver, smtp_server, monkeypatch, settings):
         settings.EMAIL_FROM_ALLOWED_DOMAINS = ['*']
         settings.ALLOWED_SPF_RECORDS = ['include:allowed_mx.com']
         monkeypatch.setattr('hobo.emails.validators.validate_email_spf.__defaults__', (True,))
         client.post('/login/', {'username': 'admin', 'password': 'password'})
-...
     def test_valid_spf(client, admin_user, dns_resolver, smtp_server, settings):
         settings.EMAIL_FROM_ALLOWED_DOMAINS = ['*']
         settings.ALLOWED_SPF_RECORDS = ['include:allowed_mx.com']
         client.post('/login/', {'username': 'admin', 'password': 'password'})
         response = client.post('/emails/', {'default_from_email': 'john.doe@example-spf.com'}, follow=True)
-...
     def test_no_spf_validation(client, admin_user, dns_resolver, smtp_server, settings):
         settings.EMAIL_FROM_ALLOWED_DOMAINS = ['*']
         settings.ALLOWED_SPF_RECORDS = []
         client.post('/login/', {'username': 'admin', 'password': 'password'})
         response = client.post(
-...
+        )
     def test_sender_allowed_domains(client, admin_user, dns_resolver, smtp_server, settings):
         settings.HOBO_VALIDATE_EMAIL_WITH_SMTP = False
         client.post('/login/', {'username': 'admin', 'password': 'password'})
         response = client.post('/emails/', {'default_from_email': 'john.doe@example.com'}, follow=True)
         assert response.status_code == 200
         assert 'Domain example.com is not allowed' in force_text(response.content)
         assert 'Emails settings have been updated.' not in force_text(response.content)
         settings.EMAIL_FROM_ALLOWED_DOMAINS = ['example.com', 'foo.bar']
         response = client.post('/emails/', {'default_from_email': 'john.doe@example.com'}, follow=True)
         assert response.status_code == 200
         assert 'Emails settings have been updated.' in force_text(response.content)
         assert 'Domain example.com is not allowed' not in force_text(response.content)
         settings.EMAIL_FROM_ALLOWED_DOMAINS = []
         settings.KNOWN_SERVICES = {
             'combo': {
                 'portal': {
                     'title': 'Portal',
                     'url': 'https://example.org/test',
                 },
                 'other': {
                     'title': 'Empty',
                 },
+            }
+        }
         response = client.post('/emails/', {'default_from_email': 'john.doe@example.org'}, follow=True)
         assert response.status_code == 200
         assert 'Emails settings have been updated.' in force_text(response.content)
         response = client.post('/emails/', {'default_from_email': 'john.doe@example.com'}, follow=True)
         assert response.status_code == 200
         assert 'Domain example.com is not allowed' in force_text(response.content)
         response = client.post('/emails/', {'default_from_email': 'john.doe@brother.example.org'}, follow=True)
         assert response.status_code == 200
         assert 'Domain brother.example.org is not allowed' in force_text(response.content)
         settings.KNOWN_SERVICES['combo']['portal']['url'] = 'https://www.example.com'
         response = client.post('/emails/', {'default_from_email': 'john.doe@example.com'}, follow=True)
         assert response.status_code == 200
         assert 'Emails settings have been updated.' in force_text(response.content)
     def test_emails_view(app, admin_user, dns_resolver, smtp_server, settings):
         settings.EMAIL_FROM_ALLOWED_DOMAINS = ['*']
         settings.ALLOWED_SPF_RECORDS = ['include:allowed_mx.com']
         app = login(app)
         resp = app.get('/emails/')
+    -

Projet

Général

Profil

Produits Entr'ouvert » Hobo

0001-emails-restrict-domains-for-default_from_email-72173.patch