Fix issues with forward_destination in api and user form

* form * Fixed: Internal error occurred if an empty forward_destination was entered and forward_enabled was false * Fixed: form did not check if forward_destination is empty. * Fixed: form marked forward_destination field as read-only upon reloading form upon validation error * api - create user and update/patch user * Create/Patch user did not check if forward_destination email address is valid * Create/Patch user did not check if forward_destination is present and forward_enabled is true
2025-11-04 03:57:53 +00:00 · 2024-03-23 14:14:43 +00:00
parent acb878a43f
commit 9e468100a0
2 changed files with 27 additions and 4 deletions
--- a/core/admin/mailu/api/v1/user.py
+++ b/core/admin/mailu/api/v1/user.py
@@ -109,6 +109,10 @@ class Users(Resource):
        data = api.payload
        if not validators.email(data['email']):
            return { 'code': 400, 'message': f'Provided email address {data["email"]} is not a valid email address'}, 400
        if 'forward_destination' in data and len(data['forward_destination']) > 0:
            for dest in data['forward_destination']:
                if not validators.email(dest):
                    return { 'code': 400, 'message': f'Provided forward destination email address {dest} is not a valid email address'}, 400
        localpart, domain_name = data['email'].lower().rsplit('@', 1)
        domain_found = models.Domain.query.get(domain_name)
        if not domain_found:
@@ -118,6 +122,9 @@ class Users(Resource):
        email_found = models.User.query.filter_by(email=data['email']).first()
        if email_found:
            return { 'code': 409, 'message': f'User {data["email"]} already exists'}, 409
        if 'forward_enabled' in data and data['forward_enabled'] is True:
            if ('forward_destination' in data and len(data['forward_destination']) == 0) or 'forward_destination' not in data:
                return { 'code': 400, 'message': f'forward_destination is mandatory when forward_enabled is true'}, 400
        user_new = models.User(email=data['email'])
        if 'raw_password' in data:
@@ -140,7 +147,7 @@ class Users(Resource):
            user_new.allow_spoofing = data['allow_spoofing']
        if 'forward_enabled' in data:
            user_new.forward_enabled = data['forward_enabled']
-        if 'forward_destination' in data:
+        if 'forward_destination' in data and len(data['forward_destination']) > 0:
            user_new.forward_destination = data['forward_destination']
        if 'forward_keep' in data:
            user_new.forward_keep = data['forward_keep']
@@ -203,9 +210,16 @@ class User(Resource):
        data = api.payload
        if not validators.email(email):
            return { 'code': 400, 'message': f'Provided email address {email} is not a valid email address'}, 400
        if 'forward_destination' in data and len(data['forward_destination']) > 0:
            for dest in data['forward_destination']:
                if not validators.email(dest):
                    return { 'code': 400, 'message': f'Provided forward destination email address {dest} is not a valid email address'}, 400
        user_found = models.User.query.get(email)
        if not user_found:
            return {'code': 404, 'message': f'User {email} cannot be found'}, 404
        if ('forward_enabled' in data and data['forward_enabled'] is True) or ('forward_enabled' not in data and user_found.forward_enabled):
            if ('forward_destination' in data and len(data['forward_destination']) == 0):
                return { 'code': 400, 'message': f'forward_destination is mandatory when forward_enabled is true'}, 400
        if 'raw_password' in data:
            user_found.set_password(data['raw_password'])
@@ -227,7 +241,8 @@ class User(Resource):
            user_found.allow_spoofing = data['allow_spoofing']
        if 'forward_enabled' in data:
            user_found.forward_enabled = data['forward_enabled']
-        if 'forward_destination' in data:
+        if 'forward_destination' in data and len(data['forward_destination']) > 0:
            if len(data['forward_destination']) == 0:
                user_found.forward_destination = data['forward_destination']
        if 'forward_keep' in data:
            user_found.forward_keep = data['forward_keep']
--- a/core/admin/mailu/ui/views/users.py
+++ b/core/admin/mailu/ui/views/users.py
@@ -93,6 +93,11 @@ def user_settings(user_email):
    form = forms.UserSettingsForm(obj=user)
    utils.formatCSVField(form.forward_destination)
    if form.validate_on_submit():
        if form.forward_enabled.data and (form.forward_destination.data in ['', None] or type(form.forward_destination.data) is list):
            flask.flash('Destination email address is missing', 'error')
            user.forward_enabled = True
            return flask.render_template('user/settings.html', form=form, user=user)
        if form.forward_enabled.data:
            form.forward_destination.data = form.forward_destination.data.replace(" ","").split(",")
        form.populate_obj(user)
        models.db.session.commit()
@@ -101,6 +106,9 @@ def user_settings(user_email):
        if user_email:
            return flask.redirect(
                flask.url_for('.user_list', domain_name=user.domain.name))
    elif form.is_submitted() and not form.validate():
        user.forward_enabled = form.forward_enabled.data
        return flask.render_template('user/settings.html', form=form, user=user)
    return flask.render_template('user/settings.html', form=form, user=user)
 def _process_password_change(form, user_email):