def new_random_alias(): """ Create a new random alias Output: 201 if success """ user = g.user if not user.can_create_new_alias(): LOG.d("user %s cannot create new random alias", user) return ( jsonify( error= f"You have reached the limitation of a free account with the maximum of " f"{MAX_NB_EMAIL_FREE_PLAN} aliases, please upgrade your plan to create more aliases" ), 400, ) scheme = user.alias_generator gen_email = GenEmail.create_new_random(user_id=user.id, scheme=scheme) db.session.commit() hostname = request.args.get("hostname") if hostname: AliasUsedOn.create(gen_email_id=gen_email.id, hostname=hostname) db.session.commit() return jsonify(alias=gen_email.email), 201
def test_different_scenarios_v5(flask_client): user = User.create(email="[email protected]", password="******", name="Test User", activated=True) Session.commit() # create api_key api_key = ApiKey.create(user.id, "for test") Session.commit() # <<< without hostname >>> r = flask_client.get("/api/v5/alias/options", headers={"Authentication": api_key.code}) assert r.status_code == 200 assert r.json["can_create"] assert r.json["suffixes"] assert r.json["prefix_suggestion"] == "" # no hostname => no suggestion for suffix_payload in r.json["suffixes"]: suffix, signed_suffix = ( suffix_payload["suffix"], suffix_payload["signed_suffix"], ) assert signed_suffix.startswith(suffix) # <<< with hostname >>> r = flask_client.get( "/api/v5/alias/options?hostname=www.test.com", headers={"Authentication": api_key.code}, ) assert r.json["prefix_suggestion"] == "test" # <<< with hostname with 2 parts TLD, for example wwww.numberoneshoes.co.nz >>> r = flask_client.get( "/api/v5/alias/options?hostname=wwww.numberoneshoes.co.nz", headers={"Authentication": api_key.code}, ) assert r.json["prefix_suggestion"] == "numberoneshoes" # <<< with recommendation >>> alias = Alias.create_new(user, prefix="test") Session.commit() AliasUsedOn.create(alias_id=alias.id, hostname="www.test.com", user_id=alias.user_id) Session.commit() r = flask_client.get( url_for("api.options_v4", hostname="www.test.com"), headers={"Authentication": api_key.code}, ) assert r.json["recommendation"]["alias"] == alias.email assert r.json["recommendation"]["hostname"] == "www.test.com"
def new_custom_alias(): """ Create a new custom alias Input: alias_prefix, for ex "www_groupon_com" alias_suffix, either [email protected] or @my-domain.com optional "hostname" in args optional "note" Output: 201 if success 409 if the alias already exists """ user: User = g.user if not user.can_create_new_alias(): LOG.d("user %s cannot create any custom alias", user) return ( jsonify( error="You have reached the limitation of a free account with the maximum of " f"{MAX_NB_EMAIL_FREE_PLAN} aliases, please upgrade your plan to create more aliases" ), 400, ) user_custom_domains = [cd.domain for cd in user.verified_custom_domains()] hostname = request.args.get("hostname") data = request.get_json() if not data: return jsonify(error="request body cannot be empty"), 400 alias_prefix = data.get("alias_prefix", "").strip() alias_suffix = data.get("alias_suffix", "").strip() note = data.get("note") alias_prefix = convert_to_id(alias_prefix) if not verify_prefix_suffix(user, alias_prefix, alias_suffix, user_custom_domains): return jsonify(error="wrong alias prefix or suffix"), 400 full_alias = alias_prefix + alias_suffix if GenEmail.get_by(email=full_alias): LOG.d("full alias already used %s", full_alias) return jsonify(error=f"alias {full_alias} already exists"), 409 gen_email = GenEmail.create( user_id=user.id, email=full_alias, mailbox_id=user.default_mailbox_id, note=note ) db.session.commit() if hostname: AliasUsedOn.create(gen_email_id=gen_email.id, hostname=hostname) db.session.commit() return jsonify(alias=full_alias), 201
def new_random_alias(): """ Create a new random alias Input: (Optional) note Output: 201 if success """ user = g.user if not user.can_create_new_alias(): LOG.d("user %s cannot create new random alias", user) return ( jsonify( error= f"You have reached the limitation of a free account with the maximum of " f"{MAX_NB_EMAIL_FREE_PLAN} aliases, please upgrade your plan to create more aliases" ), 400, ) note = None data = request.get_json(silent=True) if data: note = data.get("note") scheme = user.alias_generator mode = request.args.get("mode") if mode: if mode == "word": scheme = AliasGeneratorEnum.word.value elif mode == "uuid": scheme = AliasGeneratorEnum.uuid.value else: return jsonify(error=f"{mode} must be either word or alias"), 400 alias = Alias.create_new_random(user=user, scheme=scheme, note=note) db.session.commit() hostname = request.args.get("hostname") if hostname: AliasUsedOn.create(alias_id=alias.id, hostname=hostname, user_id=alias.user_id) db.session.commit() return ( jsonify(alias=alias.email, **serialize_alias_info(get_alias_info(alias))), 201, )
def test_different_scenarios(flask_client): user = User.create( email="[email protected]", password="******", name="Test User", activated=True, commit=True, ) # create api_key api_key = ApiKey.create(user.id, "for test") db.session.commit() # <<< without hostname >>> r = flask_client.get(url_for("api.options"), headers={"Authentication": api_key.code}) # { # "can_create_custom": True, # "custom": {"suffixes": ["*****@*****.**"], "suggestion": ""}, # "existing": ["*****@*****.**"], # } assert r.status_code == 200 assert r.json["can_create_custom"] assert len(r.json["existing"]) == 1 assert len(r.json["custom"]["suffixes"]) == 4 assert r.json["custom"]["suggestion"] == "" # no hostname => no suggestion # <<< with hostname >>> r = flask_client.get( url_for("api.options", hostname="www.test.com"), headers={"Authentication": api_key.code}, ) assert r.json["custom"]["suggestion"] == "test" # <<< with recommendation >>> alias = Alias.create_new(user, prefix="test") db.session.commit() AliasUsedOn.create(alias_id=alias.id, hostname="www.test.com", user_id=user.id) db.session.commit() r = flask_client.get( url_for("api.options", hostname="www.test.com"), headers={"Authentication": api_key.code}, ) assert r.json["recommendation"]["alias"] == alias.email assert r.json["recommendation"]["hostname"] == "www.test.com"
def test_different_scenarios_v4(flask_client): user = User.create( email="[email protected]", password="******", name="Test User", activated=True ) db.session.commit() # create api_key api_key = ApiKey.create(user.id, "for test") db.session.commit() # <<< without hostname >>> r = flask_client.get( url_for("api.options_v4"), headers={"Authentication": api_key.code} ) assert r.status_code == 200 assert r.json["can_create"] assert r.json["suffixes"] assert r.json["prefix_suggestion"] == "" # no hostname => no suggestion for (suffix, signed_suffix) in r.json["suffixes"]: assert signed_suffix.startswith(suffix) # <<< with hostname >>> r = flask_client.get( url_for("api.options_v4", hostname="www.test.com"), headers={"Authentication": api_key.code}, ) assert r.json["prefix_suggestion"] == "test" # <<< with recommendation >>> alias = Alias.create_new(user, prefix="test") db.session.commit() AliasUsedOn.create( alias_id=alias.id, hostname="www.test.com", user_id=alias.user_id ) db.session.commit() r = flask_client.get( url_for("api.options_v4", hostname="www.test.com"), headers={"Authentication": api_key.code}, ) assert r.json["recommendation"]["alias"] == alias.email assert r.json["recommendation"]["hostname"] == "www.test.com"
def test_different_scenarios_v2(flask_client): user = User.create( email="[email protected]", password="******", name="Test User", activated=True ) db.session.commit() # create api_key api_key = ApiKey.create(user.id, "for test") db.session.commit() # <<< without hostname >>> r = flask_client.get( url_for("api.options_v2"), headers={"Authentication": api_key.code} ) assert r.status_code == 200 # {'can_create': True, 'existing': ['*****@*****.**'], 'prefix_suggestion': '', 'suffixes': ['*****@*****.**']} assert r.json["can_create"] assert len(r.json["existing"]) == 1 assert r.json["suffixes"] assert r.json["prefix_suggestion"] == "" # no hostname => no suggestion # <<< with hostname >>> r = flask_client.get( url_for("api.options_v2", hostname="www.test.com"), headers={"Authentication": api_key.code}, ) assert r.json["prefix_suggestion"] == "test" # <<< with recommendation >>> alias = Alias.create_new(user, prefix="test") db.session.commit() AliasUsedOn.create( alias_id=alias.id, hostname="www.test.com", user_id=alias.user_id ) db.session.commit() r = flask_client.get( url_for("api.options_v2", hostname="www.test.com"), headers={"Authentication": api_key.code}, ) assert r.json["recommendation"]["alias"] == alias.email assert r.json["recommendation"]["hostname"] == "www.test.com"
def new_custom_alias(): """ Currently used by Safari extension. Create a new custom alias Input: alias_prefix, for ex "www_groupon_com" alias_suffix, either [email protected] or @my-domain.com optional "hostname" in args optional "note" Output: 201 if success 409 if the alias already exists """ LOG.warning("/alias/custom/new is obsolete") user: User = g.user if not user.can_create_new_alias(): LOG.d("user %s cannot create any custom alias", user) return ( jsonify( error= "You have reached the limitation of a free account with the maximum of " f"{MAX_NB_EMAIL_FREE_PLAN} aliases, please upgrade your plan to create more aliases" ), 400, ) hostname = request.args.get("hostname") data = request.get_json() if not data: return jsonify(error="request body cannot be empty"), 400 alias_prefix = data.get("alias_prefix", "").strip().lower().replace(" ", "") alias_suffix = data.get("alias_suffix", "").strip().lower().replace(" ", "") note = data.get("note") alias_prefix = convert_to_id(alias_prefix) if not verify_prefix_suffix(user, alias_prefix, alias_suffix): return jsonify(error="wrong alias prefix or suffix"), 400 full_alias = alias_prefix + alias_suffix if (Alias.get_by(email=full_alias) or DeletedAlias.get_by(email=full_alias) or DomainDeletedAlias.get_by(email=full_alias)): LOG.d("full alias already used %s", full_alias) return jsonify(error=f"alias {full_alias} already exists"), 409 alias = Alias.create(user_id=user.id, email=full_alias, mailbox_id=user.default_mailbox_id, note=note) if alias_suffix.startswith("@"): alias_domain = alias_suffix[1:] domain = CustomDomain.get_by(domain=alias_domain) if domain: LOG.d("set alias %s to domain %s", full_alias, domain) alias.custom_domain_id = domain.id db.session.commit() if hostname: AliasUsedOn.create(alias_id=alias.id, hostname=hostname, user_id=alias.user_id) db.session.commit() return jsonify(alias=full_alias, **serialize_alias_info(get_alias_info(alias))), 201
def new_custom_alias_v3(): """ Create a new custom alias Same as v2 but accept a list of mailboxes as input Input: alias_prefix, for ex "www_groupon_com" signed_suffix, either [email protected] or @my-domain.com mailbox_ids: list of int optional "hostname" in args optional "note" optional "name" Output: 201 if success 409 if the alias already exists """ user: User = g.user if not user.can_create_new_alias(): LOG.d("user %s cannot create any custom alias", user) return ( jsonify( error= "You have reached the limitation of a free account with the maximum of " f"{MAX_NB_EMAIL_FREE_PLAN} aliases, please upgrade your plan to create more aliases" ), 400, ) hostname = request.args.get("hostname") data = request.get_json() if not data: return jsonify(error="request body cannot be empty"), 400 alias_prefix = data.get("alias_prefix", "").strip().lower().replace(" ", "") signed_suffix = data.get("signed_suffix", "").strip() mailbox_ids = data.get("mailbox_ids") note = data.get("note") name = data.get("name") if name: name = name.replace("\n", "") alias_prefix = convert_to_id(alias_prefix) if not check_alias_prefix(alias_prefix): return jsonify(error="alias prefix invalid format or too long"), 400 # check if mailbox is not tempered with mailboxes = [] for mailbox_id in mailbox_ids: mailbox = Mailbox.get(mailbox_id) if not mailbox or mailbox.user_id != user.id or not mailbox.verified: return jsonify(error="Errors with Mailbox"), 400 mailboxes.append(mailbox) if not mailboxes: return jsonify(error="At least one mailbox must be selected"), 400 # hypothesis: user will click on the button in the 600 secs try: alias_suffix = signer.unsign(signed_suffix, max_age=600).decode() except SignatureExpired: LOG.warning("Alias creation time expired for %s", user) return jsonify( error="Alias creation time is expired, please retry"), 412 except Exception: LOG.warning("Alias suffix is tampered, user %s", user) return jsonify(error="Tampered suffix"), 400 if not verify_prefix_suffix(user, alias_prefix, alias_suffix): return jsonify(error="wrong alias prefix or suffix"), 400 full_alias = alias_prefix + alias_suffix if (Alias.get_by(email=full_alias) or DeletedAlias.get_by(email=full_alias) or DomainDeletedAlias.get_by(email=full_alias)): LOG.d("full alias already used %s", full_alias) return jsonify(error=f"alias {full_alias} already exists"), 409 custom_domain_id = None if alias_suffix.startswith("@"): alias_domain = alias_suffix[1:] domain = CustomDomain.get_by(domain=alias_domain) if domain: custom_domain_id = domain.id alias = Alias.create( user_id=user.id, email=full_alias, note=note, name=name or None, mailbox_id=mailboxes[0].id, custom_domain_id=custom_domain_id, ) db.session.flush() for i in range(1, len(mailboxes)): AliasMailbox.create( alias_id=alias.id, mailbox_id=mailboxes[i].id, ) db.session.commit() if hostname: AliasUsedOn.create(alias_id=alias.id, hostname=hostname, user_id=alias.user_id) db.session.commit() return ( jsonify(alias=full_alias, **serialize_alias_info_v2(get_alias_info_v2(alias))), 201, )
def new_custom_alias_v2(): """ Create a new custom alias Same as v1 but signed_suffix is actually the suffix with signature, e.g. [email protected] Input: alias_prefix, for ex "www_groupon_com" signed_suffix, either [email protected] or @my-domain.com optional "hostname" in args optional "note" Output: 201 if success 409 if the alias already exists """ user: User = g.user if not user.can_create_new_alias(): LOG.d("user %s cannot create any custom alias", user) return ( jsonify( error= "You have reached the limitation of a free account with the maximum of " f"{MAX_NB_EMAIL_FREE_PLAN} aliases, please upgrade your plan to create more aliases" ), 400, ) hostname = request.args.get("hostname") data = request.get_json() if not data: return jsonify(error="request body cannot be empty"), 400 alias_prefix = data.get("alias_prefix", "").strip().lower().replace(" ", "") signed_suffix = data.get("signed_suffix", "").strip() note = data.get("note") alias_prefix = convert_to_id(alias_prefix) # hypothesis: user will click on the button in the 600 secs try: alias_suffix = signer.unsign(signed_suffix, max_age=600).decode() except SignatureExpired: LOG.warning("Alias creation time expired for %s", user) return jsonify( error="Alias creation time is expired, please retry"), 412 except Exception: LOG.warning("Alias suffix is tampered, user %s", user) return jsonify(error="Tampered suffix"), 400 if not verify_prefix_suffix(user, alias_prefix, alias_suffix): return jsonify(error="wrong alias prefix or suffix"), 400 full_alias = alias_prefix + alias_suffix if (Alias.get_by(email=full_alias) or DeletedAlias.get_by(email=full_alias) or DomainDeletedAlias.get_by(email=full_alias)): LOG.d("full alias already used %s", full_alias) return jsonify(error=f"alias {full_alias} already exists"), 409 custom_domain_id = None if alias_suffix.startswith("@"): alias_domain = alias_suffix[1:] domain = CustomDomain.get_by(domain=alias_domain) # check if the alias is currently in the domain trash if domain and DomainDeletedAlias.get_by(domain_id=domain.id, email=full_alias): LOG.d( f"Alias {full_alias} is currently in the {domain.domain} trash. " ) return jsonify(error=f"alias {full_alias} in domain trash"), 409 if domain: custom_domain_id = domain.id alias = Alias.create( user_id=user.id, email=full_alias, mailbox_id=user.default_mailbox_id, note=note, custom_domain_id=custom_domain_id, ) db.session.commit() if hostname: AliasUsedOn.create(alias_id=alias.id, hostname=hostname, user_id=alias.user_id) db.session.commit() return ( jsonify(alias=full_alias, **serialize_alias_info_v2(get_alias_info_v2(alias))), 201, )
def new_custom_alias(): """ Create a new custom alias Input: alias_prefix, for ex "www_groupon_com" alias_suffix, either [email protected] or @my-domain.com optional "hostname" in args Output: 201 if success 409 if alias already exists """ user = g.user if not user.can_create_new_alias(): LOG.d("user %s cannot create custom alias", user) return ( jsonify( error="You have created 3 custom aliases, please upgrade to create more" ), 400, ) user_custom_domains = [cd.domain for cd in user.verified_custom_domains()] hostname = request.args.get("hostname") data = request.get_json() alias_prefix = data["alias_prefix"] alias_suffix = data["alias_suffix"] # make sure alias_prefix is not empty alias_prefix = alias_prefix.strip() alias_prefix = convert_to_id(alias_prefix) if not alias_prefix: # should be checked on frontend LOG.d("user %s submits empty alias prefix %s", user, alias_prefix) return jsonify(error="alias prefix cannot be empty"), 400 # make sure alias_suffix is either [email protected] or @my-domain.com alias_suffix = alias_suffix.strip() if alias_suffix.startswith("@"): custom_domain = alias_suffix[1:] if custom_domain not in user_custom_domains: LOG.d("user %s submits wrong custom domain %s ", user, custom_domain) return jsonify(error="error"), 400 else: if not alias_suffix.startswith("."): LOG.d("user %s submits wrong alias suffix %s", user, alias_suffix) return jsonify(error="error"), 400 if not alias_suffix.endswith(EMAIL_DOMAIN): LOG.d("user %s submits wrong alias suffix %s", user, alias_suffix) return jsonify(error="error"), 400 random_letters = alias_suffix[1 : alias_suffix.find("@")] if len(random_letters) < 5: LOG.d("user %s submits wrong alias suffix %s", user, alias_suffix) return jsonify(error="error"), 400 full_alias = alias_prefix + alias_suffix if GenEmail.get_by(email=full_alias): LOG.d("full alias already used %s", full_alias) return jsonify(error=f"alias {full_alias} already exists"), 409 gen_email = GenEmail.create(user_id=user.id, email=full_alias) db.session.commit() if hostname: AliasUsedOn.create(gen_email_id=gen_email.id, hostname=hostname) db.session.commit() return jsonify(alias=full_alias), 201
def new_random_alias(): """ Create a new random alias Input: (Optional) note Output: 201 if success """ user = g.user if not user.can_create_new_alias(): LOG.d("user %s cannot create new random alias", user) return ( jsonify( error= f"You have reached the limitation of a free account with the maximum of " f"{MAX_NB_EMAIL_FREE_PLAN} aliases, please upgrade your plan to create more aliases" ), 400, ) note = None data = request.get_json(silent=True) if data: note = data.get("note") alias = None # custom alias suggestion and suffix hostname = request.args.get("hostname") if hostname and user.include_website_in_one_click_alias: LOG.d("Use %s to create new alias", hostname) # keep only the domain name of hostname, ignore TLD and subdomain # for ex www.groupon.com -> groupon ext = tldextract.extract(hostname) prefix_suggestion = ext.domain prefix_suggestion = convert_to_id(prefix_suggestion) suffixes = get_available_suffixes(user) # use the first suffix suggested_alias = prefix_suggestion + suffixes[0].suffix alias = Alias.get_by(email=suggested_alias) # cannot use this alias as it belongs to another user if alias and not alias.user_id == user.id: LOG.d("%s belongs to another user", alias) alias = None elif alias and alias.user_id == user.id: # make sure alias was created for this website if AliasUsedOn.get_by(alias_id=alias.id, hostname=hostname, user_id=alias.user_id): LOG.d("Use existing alias %s", alias) else: LOG.d("%s wasn't created for this website %s", alias, hostname) alias = None elif not alias: LOG.d("create new alias %s", suggested_alias) try: alias = Alias.create( user_id=user.id, email=suggested_alias, note=note, mailbox_id=user.default_mailbox_id, commit=True, ) except AliasInTrashError: LOG.i("Alias %s is in trash", suggested_alias) alias = None if not alias: scheme = user.alias_generator mode = request.args.get("mode") if mode: if mode == "word": scheme = AliasGeneratorEnum.word.value elif mode == "uuid": scheme = AliasGeneratorEnum.uuid.value else: return jsonify( error=f"{mode} must be either word or uuid"), 400 alias = Alias.create_new_random(user=user, scheme=scheme, note=note) Session.commit() if hostname and not AliasUsedOn.get_by(alias_id=alias.id, hostname=hostname): AliasUsedOn.create(alias_id=alias.id, hostname=hostname, user_id=alias.user_id) Session.commit() return ( jsonify(alias=alias.email, **serialize_alias_info_v2(get_alias_info_v2(alias))), 201, )