From 80d272d60b407d058d3092c564418979529130d3 Mon Sep 17 00:00:00 2001
From: neobooru <50623835+neobooru@users.noreply.github.com>
Date: Sun, 19 May 2019 21:13:01 +0200
Subject: [PATCH] server/config: Add 'domain' and 'smtp from' config entries Fixes #193 and #256 This however requires users to manually set the domain in the config.yaml. This field currently is optional, but it would probably be better to make it required and not fall back to HTTP_ORIGIN and HTTP_REFERER, which might be inaccurate or not set (especially behind reverse proxies and the like) server/config: Leave domain empty by default Co-Authored-By: Shyam Sunder
---
 server/config.yaml.dist | 6 +++++-
 server/szurubooru/api/password_reset_api.py | 8 ++++++--
 2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/server/config.yaml.dist b/server/config.yaml.dist
index 8a3a8b0b..45fbdb5d 100644
--- a/server/config.yaml.dist
+++ b/server/config.yaml.dist
@@ -3,6 +3,8 @@
 # shown in the website title and on the front page
 name: szurubooru
+# full url to the homepage of this szurubooru site, with no trailing slash
+domain: # example: http://example.com
 # user agent name used to download files from the web on behalf of the api users
 user_agent:
 # used to salt the users' password hashes
@@ -32,7 +34,9 @@ smtp:
 port: # example: 25
 user: # example: bot
 pass: # example: groovy123
- # host can be left empty, in which case it is recommended to fill contactEmail.
+ from: # example: noreply@example.com
+ # if host is left empty the password reset feature will be disabled, in which case it is
+ # recommended to fill contactEmail so that users know who to contact when they want to reset their password
 contact_email: # example: bob@example.com. Meant for manual password reset procedures
diff --git a/server/szurubooru/api/password_reset_api.py b/server/szurubooru/api/password_reset_api.py
index 887d2f0d..5296d235 100644
--- a/server/szurubooru/api/password_reset_api.py
+++ b/server/szurubooru/api/password_reset_api.py
@@ -22,14 +22,18 @@ def start_password_reset(
 user_name))
 token = auth.generate_authentication_token(user)
- if 'HTTP_ORIGIN' in ctx.env:
+ if config.config['domain']:
+ url = config.config['domain']
+ elif 'HTTP_ORIGIN' in ctx.env:
 url = ctx.env['HTTP_ORIGIN'].rstrip('/')
+ elif 'HTTP_REFERER' in ctx.env:
+ url = ctx.env['HTTP_REFERER'].rstrip('/')
 else:
 url = ''
 url += '/password-reset/%s:%s' % (user.name, token)
 mailer.send_mail(
- 'noreply@%s' % config.config['name'],
+ config.config['smtp']['from'],
 user.email,
 MAIL_SUBJECT.format(name=config.config['name']),
 MAIL_BODY.format(name=config.config['name'], url=url))
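Review bot: The `elif 'HTTP_ORIGIN' in ctx.env:` and added `elif 'HTTP_REFERER' in ctx.env:` branches build the reset link from request headers chosen by the client, so whenever `domain` is left empty the mailed URL, which carries the reset token, can name a host the operator does not control. Referer is also a full page URL, so `rstrip('/')` leaves its path and query in front of `/password-reset/...` and the link may not resolve even for an honest request. I would drop both header fallbacks, reject the request when `config.config['domain']` is empty, and normalise the configured value with `url = config.config['domain'].rstrip('/')`, since the config comment asks for no trailing slash but nothing enforces it. `config.config['smtp']['from']` is now read unconditionally; whether an existing config.yaml without that key inherits it from config.yaml.dist is not visible in this patch and is worth confirming. start_password_reset begins above this hunk, so how `ctx` is obtained was not reviewed.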