1
0
mirror of https://github.com/django/django.git synced 2025-01-12 11:26:23 +00:00
Commit Graph

138 Commits

Author SHA1 Message Date
Natalia
8c35a0a903 Fixed CVE-2024-45231 -- Avoided server error on password reset when email sending fails.
On successful submission of a password reset request, an email is sent
to the accounts known to the system. If sending this email fails (due to
email backend misconfiguration, service provider outage, network issues,
etc.), an attacker might exploit this by detecting which password reset
requests succeed and which ones generate a 500 error response.

Thanks to Thibaut Spriet for the report, and to Mariusz Felisiak, Adam
Johnson, and Sarah Boyce for the reviews.
2024-09-03 09:22:32 -03:00
Jake Howard
d5bebc1c26 Refs -- Improved documentation and test coverage for email attachments and alternatives. 2024-08-05 09:21:44 +02:00
Mike Edmunds
b9098538a9 Fixed , Refs -- Fixed repeated headers in EmailMessage.
Fixed a regression which would cause multiple To, Cc, and
Reply-To headers in the result of EmailMessage.message() if
values were supplied for both to/cc/reply_to and the
corresponding extra_headers fields.

Updated related tests to check the generated message() has
exactly one of each expected header using get_all().

Regression in b03d500295.
2024-07-11 08:00:46 +02:00
Ronny Vedrilla
5fef6d2445 Fixed -- Added EmailMultiAlternatives.body_contains() helper method. 2024-06-21 12:00:56 +02:00
Jake Howard
aba0e541ca Fixed -- Changed EmailMessage.attachments and EmailMultiAlternatives.alternatives to use namedtuples.
This makes it more descriptive to pull out the named fields.
2024-06-20 09:43:40 +02:00
Mariusz Felisiak
4ee68bb4f5 Fixed mail.tests.MailTests.test_backend_arg() test on Python 3.13+.
There is no point in asserting Python error messages.
2024-06-14 13:20:54 +02:00
Natalia
338ec052b4 Refs -- Added test for Email line length checks when dealing with surrogate pairs.
Refs ,  and .
2024-04-10 17:56:55 +02:00
Mariusz Felisiak
305757aec1
Applied Black's 2024 stable style.
https://github.com/psf/black/releases/tag/24.1.0
2024-01-26 12:45:07 +01:00
Baptiste Mispelon
a702a0773d
Added test for the sendtestemail command when no recipients are given. 2024-01-24 15:02:42 -03:00
Mariusz Felisiak
0c5456ef37
Used enterClassContext() where appropriate. 2024-01-04 05:55:29 +01:00
Mariusz Felisiak
d88ec42bd0
Used addCleanup() in tests where appropriate. 2023-12-31 10:01:31 +01:00
sindre
64060d1c17 Fixed -- Prevented mutating sent emails from outbox in locmem email backend. 2023-10-25 08:52:31 +02:00
Mariusz Felisiak
da2f8e8257
Refs -- Improved sanitize_address() error message for tuple with empty strings. 2023-07-17 11:03:36 +02:00
Nick Pope
9bd174b9a7 Updated documentation and comments for RFC updates.
- Updated references to RFC 1123 to RFC 5322
  - Only partial as RFC 5322 sort of sub-references RFC 1123.
- Updated references to RFC 2388 to RFC 7578
  - Except RFC 2388 Section 5.3 which has no equivalent.
- Updated references to RFC 2396 to RFC 3986
- Updated references to RFC 2616 to RFC 9110
- Updated references to RFC 3066 to RFC 5646
- Updated references to RFC 7230 to RFC 9112
- Updated references to RFC 7231 to RFC 9110
- Updated references to RFC 7232 to RFC 9110
- Updated references to RFC 7234 to RFC 9111
- Tidied up style of text when referring to RFC documents
2022-11-10 13:52:17 +01:00
David Smith
fac3dd7f39
Refs -- Fixed MailTests.test_backend_arg() on Windows and Python 3.11+. 2022-02-19 20:36:01 +01:00
Mariusz Felisiak
7119f40c98 Refs -- Refactored code to strictly match 88 characters line length. 2022-02-07 20:37:05 +01:00
django-bot
9c19aff7c7 Refs -- Reformatted code with Black. 2022-02-07 20:37:05 +01:00
Mariusz Felisiak
569a33579c
Refs -- Removed usage of deprecated asyncore and smtpd modules.
asyncore and smtpd modules were deprecated in Python 3.10.
2021-10-15 09:58:35 +02:00
Mariusz Felisiak
cdad96e633
Refs -- Removed SMTPBackendTests.test_server_login().
test_server_login() was a regression test for a crash when passing
Unicode strings to SMTP server using CRAM-MD5 method on Python 2.
Python 2 is no longer supported and test_server_login() passes even
without FakeSMTPChannel.smtp_AUTH() because
smtplib.SMTPAuthenticationError is raised when AUTH is not implemented.
2021-10-14 11:36:51 +02:00
Mariusz Felisiak
213850b4b9
Refs -- Used addClassCleanup() in tests.
Inspired by Adam Johnson talk on DjangoCon Europe 2021.
2021-06-04 12:53:11 +02:00
Daniyal
474cc420bf Refs -- Raised Type/ValueError instead of using "assert" in django.core. 2021-03-19 08:04:37 +01:00
Konstantin Alekseev
e5118b545b Used mock.Mock() in SMTPBackendTests.
Using bool caused mypy typecheck failures.
2020-08-07 20:31:47 +02:00
Florian Apolloner
96a3ea39ef Fixed -- Fixed crash when sending emails on Python 3.6.11+, 3.7.8+, and 3.8.4+.
Fixed sending emails crash on email addresses with display names longer
then 75 chars on Python 3.6.11+, 3.7.8+, and 3.8.4+.

Wrapped display names were passed to email.headerregistry.Address()
what caused raising an exception because address parts cannot contain
CR or LF.

See https://bugs.python.org/issue39073

Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-07-20 07:10:40 +02:00
Mariusz Felisiak
f405954ea2 Refs -- Added test for preventing header injection in display name of email addresses. 2020-07-20 07:10:16 +02:00
Jon Dufresne
505fec6bad Capitalized Unicode in docs, strings, and comments. 2020-04-20 12:10:33 +02:00
Jon Dufresne
e3c2fae4cd Adjusted expected exception message for Windows.
Test failure introduced in fbbff7f808.

Windows uses a different error message when a non-path is passed to
os.path functions.
2019-11-06 14:34:44 +01:00
Jon Dufresne
fbbff7f808 Refs -- Added pathlib.Path support to the file email backend. 2019-11-06 09:33:07 +01:00
Chason Chaffin
55b68de643 Fixed -- Fixed non-unicode EmailMessage crash when domain name for localhost is non-ASCII.
Assisted by felixxm.
2019-07-03 10:49:03 +02:00
Hasan Ramezani
090ca6512f Fixed -- Made mail_admins()/mail_managers() raise ValueError if ADMINS/MANAGERS is set incorrectly. 2019-07-02 07:34:07 +02:00
Carlton Gibson
1564e42ad3 Refs , -- Added local-only address to sanitize_email() tests cases.
email.headerregistry.parser.get_mailbox() returns a token with a `token_type` attribute.

If `token_type` is `’invalid-mailbox’` then RFC violations have been detected. Emails with only the local part, and no domain,  are correctly parsed but are marked as `’invalid-mailbox’`.

As per , local-only are supported, to enable sending to addresses on localhost.

sanitize_email() does not currently check `token_type`. This test is added to avoid a regression in case this is revisited in the future.
2019-06-13 17:29:58 +02:00
Joachim Jablon
2628ea9515 Fixed -- Used email.headerregistry.parser for parsing emails in sanitize_address(). 2019-06-13 16:22:15 +02:00
Joachim Jablon
8ba20d9071 Refs -- Added tests for sanitizing email addresses with display name and two @ signs. 2019-06-06 15:05:56 +02:00
Joachim Jablon
f841a776fe Refs -- Used subTest() in MailTests.test_sanitize_address. 2019-06-06 14:50:40 +02:00
Sergey Fedoseev
1933e56eca Removed uneeded generator expressions and list comprehensions. 2019-02-09 09:18:48 -05:00
Tim Graham
7e6b214ed3 Fixed -- Dropped support for Python 3.5. 2019-01-30 10:19:48 -05:00
Jon Dufresne
7785e03ba8 Fixed -- Replaced OSError aliases with the canonical OSError.
Used more specific errors (e.g. FileExistsError) as appropriate.
2019-01-28 11:15:06 -05:00
Tim Graham
0004daa536
Used 4 space hanging indent for dictionaries.
Thanks Mariusz Felisiak for auditing.
2019-01-02 18:18:19 -05:00
Denis Stebunov
277de22984 Fixed -- Made SMTP EmailBackend.send_messages() return 0 for empty/error cases. 2018-12-26 13:33:08 -05:00
jannschu
efc0f77f02 Fixed -- Fixed loss of custom utf-8 body encoding in mails. 2018-10-22 15:21:33 -04:00
Tim Graham
ec594942cd Removed unnecessary str() in mail tests.
Unnecessary since their introduction in
fa75b2cb51.
2018-08-04 10:15:51 -04:00
Mariusz Felisiak
362813d628
Fixed hanging indentation in various code. 2018-03-16 10:54:34 +01:00
Williams Mendez
2691ed7ba1 Fixed -- Fixed EmailMessage crash when body is None. 2018-02-20 09:34:01 -05:00
Tim Graham
fa75b2cb51
Refs -- Removed force_bytes/text() usage in tests. 2018-02-07 14:20:04 -05:00
Mads Jensen
999fc0687d Added a few tests for smtp EmailBackend. 2018-01-15 12:25:17 -05:00
Jon Dufresne
da82939e5a Fixed -- Made EmailMessage.message() omit an empty To header. 2017-12-30 09:38:03 -05:00
Jon Dufresne
b03d500295 Fixed -- Made EmailMessage.message() set Cc from headers dict if it exists. 2017-12-30 09:37:59 -05:00
Jon Dufresne
6334939417 Tested passing To/Cc/Reply-To in EmailMessage(headers=...) without the corresponding argument. 2017-12-29 12:50:31 -05:00
Tim Graham
cfff2af02b Fixed -- Dropped support for Python 3.4. 2017-09-25 17:11:03 -04:00
Tim Graham
6e4c6281db Reverted "Fixed -- Replaced try/except/pass with contextlib.suppress()."
This reverts commit 550cb3a365
because try/except performs better.
2017-09-07 08:16:21 -04:00
Igor Tokarev
af35c69a3c Fixed -- Made EmailMessage include alternatives when the body is empty and it has attachments. 2017-09-04 08:46:11 -04:00