aljaz/CTFd
1
0
Fork 0
mirror of https://github.com/aljazceru/CTFd.git synced 2025-12-17 22:14:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add fix for SMTP server overriding and #1306 (#1330)

Browse Source 
* Fix a potential issue where config.py SMTP settings might not have been overrideable from the Admin Panel
* Closes #1306 by using `email.message.EmailMessage` in Python 3. Python 2 will use the old `sendmail` behavior.
This commit is contained in:
Kevin Chung
2020-04-18 03:33:34 -04:00
committed by GitHub
parent cd6439f2eb
commit 25fe789da8
5 changed files with 107 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

95
tests/utils/test_email.py
View File

@@ -1,5 +1,9 @@
import six
from email.mime.text import MIMEText
if six.PY3:
from email.message import EmailMessage
import requests
from freezegun import freeze_time
from mock import Mock, patch
@@ -34,14 +38,25 @@ def test_sendmail_with_smtp_from_config_file(mock_smtp):
sendmail(to_addr, msg)
ctf_name = get_config("ctf_name")
email_msg = MIMEText(msg)
if six.PY2:
email_msg = MIMEText(msg)
else:
email_msg = EmailMessage()
email_msg.set_content(msg)
email_msg["Subject"] = "Message from {0}".format(ctf_name)
email_msg["From"] = from_addr
email_msg["To"] = to_addr
mock_smtp.return_value.sendmail.assert_called_once_with(
from_addr, [to_addr], email_msg.as_string()
)
if six.PY2:
mock_smtp.return_value.sendmail.assert_called_with(
from_addr, [to_addr], email_msg.as_string()
)
else:
mock_smtp.return_value.send_message.assert_called()
assert str(mock_smtp.return_value.send_message.call_args[0][0]) == str(
email_msg
)
destroy_ctfd(app)
@@ -66,14 +81,24 @@ def test_sendmail_with_smtp_from_db_config(mock_smtp):
sendmail(to_addr, msg)
ctf_name = get_config("ctf_name")
email_msg = MIMEText(msg)
if six.PY2:
email_msg = MIMEText(msg)
else:
email_msg = EmailMessage()
email_msg.set_content(msg)
email_msg["Subject"] = "Message from {0}".format(ctf_name)
email_msg["From"] = from_addr
email_msg["To"] = to_addr
mock_smtp.return_value.sendmail.assert_called_once_with(
from_addr, [to_addr], email_msg.as_string()
)
if six.PY2:
mock_smtp.return_value.sendmail.assert_called_with(
from_addr, [to_addr], email_msg.as_string()
)
else:
mock_smtp.return_value.send_message.assert_called()
assert str(mock_smtp.return_value.send_message.call_args[0][0]) == str(
email_msg
)
destroy_ctfd(app)
@@ -85,18 +110,11 @@ def test_sendmail_with_mailgun_from_config_file(fake_post_request):
app.config["MAILGUN_API_KEY"] = "key-1234567890-file-config"
app.config["MAILGUN_BASE_URL"] = "https://api.mailgun.net/v3/file.faked.com"
from_addr = get_config("mailfrom_addr") or app.config.get("MAILFROM_ADDR")
to_addr = "user@user.com"
msg = "this is a test"
sendmail(to_addr, msg)
ctf_name = get_config("ctf_name")
email_msg = MIMEText(msg)
email_msg["Subject"] = "Message from {0}".format(ctf_name)
email_msg["From"] = from_addr
email_msg["To"] = to_addr
fake_response = Mock()
fake_post_request.return_value = fake_response
fake_response.status_code = 200
@@ -132,18 +150,11 @@ def test_sendmail_with_mailgun_from_db_config(fake_post_request):
set_config("mailgun_api_key", "key-1234567890-db-config")
set_config("mailgun_base_url", "https://api.mailgun.net/v3/db.faked.com")
from_addr = get_config("mailfrom_addr") or app.config.get("MAILFROM_ADDR")
to_addr = "user@user.com"
msg = "this is a test"
sendmail(to_addr, msg)
ctf_name = get_config("ctf_name")
email_msg = MIMEText(msg)
email_msg["Subject"] = "Message from {0}".format(ctf_name)
email_msg["From"] = from_addr
email_msg["To"] = to_addr
fake_response = Mock()
fake_post_request.return_value = fake_response
fake_response.status_code = 200
@@ -196,18 +207,26 @@ def test_verify_email(mock_smtp):
)
ctf_name = get_config("ctf_name")
email_msg = MIMEText(msg)
if six.PY2:
email_msg = MIMEText(msg)
else:
email_msg = EmailMessage()
email_msg.set_content(msg)
email_msg["Subject"] = "Confirm your account for {ctf_name}".format(
ctf_name=ctf_name
)
email_msg["From"] = from_addr
email_msg["To"] = to_addr
# Need to freeze time to predict the value of the itsdangerous token.
# For now just assert that sendmail was called.
mock_smtp.return_value.sendmail.assert_called_with(
from_addr, [to_addr], email_msg.as_string()
)
if six.PY2:
mock_smtp.return_value.sendmail.assert_called_with(
from_addr, [to_addr], email_msg.as_string()
)
else:
mock_smtp.return_value.send_message.assert_called()
assert str(mock_smtp.return_value.send_message.call_args[0][0]) == str(
email_msg
)
destroy_ctfd(app)
@@ -233,16 +252,24 @@ def test_successful_registration_email(mock_smtp):
msg = "You've successfully registered for CTFd!"
email_msg = MIMEText(msg)
if six.PY2:
email_msg = MIMEText(msg)
else:
email_msg = EmailMessage()
email_msg.set_content(msg)
email_msg["Subject"] = "Successfully registered for {ctf_name}".format(
ctf_name=ctf_name
)
email_msg["From"] = from_addr
email_msg["To"] = to_addr
# Need to freeze time to predict the value of the itsdangerous token.
# For now just assert that sendmail was called.
mock_smtp.return_value.sendmail.assert_called_with(
from_addr, [to_addr], email_msg.as_string()
)
if six.PY2:
mock_smtp.return_value.sendmail.assert_called_with(
from_addr, [to_addr], email_msg.as_string()
)
else:
mock_smtp.return_value.send_message.assert_called()
assert str(mock_smtp.return_value.send_message.call_args[0][0]) == str(
email_msg
)
destroy_ctfd(app)