lingthio / Flask-User

Customizable User Authorization & User Management: Register, Confirm, Login, Change username/password, Forgot password and more.
http://flask-user.readthedocs.io/
MIT License

Flask-Mail within "Basic App" should be removed #311

Open Lvl4Sword opened 4 years ago

Lvl4Sword commented 4 years ago

Flask-Mail is used within https://flask-user.readthedocs.io/en/latest/basic_app.html (possibly other places as well) and there's an issue with this. Flask-Mail hasn't seen an update since November 4th, 2014 - over 5.5 years ago (this is based off of the last commit on the repo: https://github.com/mattupstate/flask-mail). That gives a user reason to believe it's no longer supported. There are other ways of e-mailing someone that don't require this package.

One way, for example:

```python
import smtplib
import ssl
from email.mime.text import MIMEText

sender = 'root@example.com'
# Raw string so the backslash is kept literally (placeholder value)
the_email_password = r'P@s5w0|^\D'
destination = 'root@example.com'


def email_user(sender, the_email_password, destination):
    mail_body = 'lorem ipsum'
    email_sender = sender
    # Applies to TLS 1.2 and below; TLS 1.3 suites are not set by set_ciphers()
    email_cipher = 'ECDHE-RSA-AES256-GCM-SHA384'
    email_server = 'smtp_server'
    email_port = 465
    # https://support.office.com/en-us/article/Outlook-com-no-longer-supports-AUTH-PLAIN-authentication-07f7d5e9-1697-465f-84d2-4513d4ff0145
    # https://en.wikipedia.org/wiki/SMTP_Authentication#Details
    email_auth = 'LOGIN'
    email_password = the_email_password
    email_destination = destination
    subject = 'subject'
    msg = MIMEText(mail_body, 'plain')
    msg['Subject'] = subject
    msg['From'] = email_sender
    msg['To'] = email_destination
    ssl_context = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH)
    # Certificate and hostname verification (already the defaults here)
    ssl_context.verify_mode = ssl.CERT_REQUIRED
    ssl_context.check_hostname = True
    ssl_context.set_ciphers(email_cipher)
    # ssl.HAS_SNI is a capability boolean, not an option flag, so it is not
    # OR-ed into options; SMTP_SSL passes the server name for SNI itself
    ssl_context.options |= ssl.OP_NO_COMPRESSION
    # No need to explicitly disable SSLv* as it's already been done
    # https://docs.python.org/3/library/ssl.html#id7
    # Refuse anything older than TLS 1.2 (replaces the deprecated
    # OP_NO_TLSv1 / OP_NO_TLSv1_1 option flags)
    ssl_context.minimum_version = ssl.TLSVersion.TLSv1_2
    ssl_context.options |= ssl.OP_SINGLE_DH_USE
    ssl_context.options |= ssl.OP_SINGLE_ECDH_USE
    conn = smtplib.SMTP_SSL(email_server, port=email_port,
                            context=ssl_context)
    try:
        # EHLO first: login() would otherwise send it and overwrite
        # esmtp_features, discarding the forced auth method below
        conn.ehlo()
        conn.esmtp_features['auth'] = email_auth
        conn.login(email_sender, email_password)
        conn.sendmail(email_sender, email_destination, msg.as_string())
    finally:
        conn.quit()
```

Thank you