nickjj / build-a-saas-app-with-flask

Learn how to build a production ready web app with Flask and Docker.
https://buildasaasappwithflask.com
MIT License

SMTPAuthenticationError 534 #36

Closed vblackburn closed 8 years ago

vblackburn commented 8 years ago

When trying to send an email through the smtp.gmail.com server I receive a notification saying that the app doesn't meet modern security standards.

What can I add to bring Catwatch up to these standards so I can safely use the Gmail SMTP server?

nickjj commented 8 years ago

Which app is giving you that notification?

If you use gmail as your mail server, it comes pre-configured to send mail with TLS enabled which can be seen here: https://github.com/nickjj/build-a-saas-app-with-flask/blob/master/config/settings.py#L89.

You might get that warning if you try to send mail to a recipient whose mail server does not support TLS, in which case this isn't a limitation of catwatch or gmail.

vblackburn commented 8 years ago

This is when I try to send an email from the Catwatch Flask app (issue contact email, forget password email).

Here are the current email settings:

# Mail settings.
MAIL_DEFAULT_SENDER = '<GMAIL USER>@gmail.com'
MAIL_SERVER = 'smtp.gmail.com'
MAIL_PORT = 587
MAIL_USE_TLS = True
MAIL_USE_SSL = False
MAIL_USERNAME = '<GMAIL USER>@gmail.com'
MAIL_PASSWORD = '<GMAIL PASSWORD>'

If I allow 'Less Secure Apps' in my Gmail settings, the email sends without issue, though I'd rather avoid allowing less secure apps in the Gmail settings.

nickjj commented 8 years ago

The Flask-Mail extension (the package powering e-mail in catwatch) doesn't support OAuth 2, which is the only transport method that would allow you to run it without enabling "less secure apps".

https://security.googleblog.com/2014/04/new-security-measures-will-affect-older.html

@miguelgrinberg has a good write-up here explaining why: https://github.com/miguelgrinberg/flasky/issues/65#issuecomment-135903296
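
What OAuth 2 authentication to an SMTP server looks like with the standard library's `smtplib`, as an added example that is not part of the original comment and is not Flask-Mail or Catwatch code. It uses the SASL XOAUTH2 mechanism and assumes an access token has already been obtained through an OAuth 2 flow; the function names and sample values are hypothetical.

```python
import base64
import smtplib
import ssl
from email.message import EmailMessage


def xoauth2_string(user: str, access_token: str) -> str:
    """SASL XOAUTH2 initial client response, before base64 encoding."""
    # \x01 is the field separator, so it must not appear inside a field.
    if "\x01" in user or "\x01" in access_token:
        raise ValueError("control character in user or token")
    return f"user={user}\x01auth=Bearer {access_token}\x01\x01"


def xoauth2_authobject(user: str, access_token: str):
    """Build the callable that smtplib.SMTP.auth() expects."""
    def respond(challenge=None):
        # A 334 challenge after the initial response carries the server's
        # error details. The client answers with an empty line and the
        # server then returns the final failure code.
        if challenge is not None:
            return ""
        return xoauth2_string(user, access_token)
    return respond


def send_with_oauth2(user: str, access_token: str, msg: EmailMessage,
                     host: str = "smtp.gmail.com", port: int = 587) -> None:
    """Send msg over STARTTLS, authenticating with a bearer token."""
    context = ssl.create_default_context()  # verifies the server certificate
    with smtplib.SMTP(host, port, timeout=30) as smtp:
        smtp.ehlo()
        smtp.starttls(context=context)
        smtp.ehlo()
        # smtplib base64-encodes whatever the callable returns.
        smtp.auth("XOAUTH2", xoauth2_authobject(user, access_token))
        smtp.send_message(msg)


if __name__ == "__main__":
    # Constructed sample values; no network connection is made here.
    demo = xoauth2_string("someone@example.com", "constructed-token")
    print(base64.b64encode(demo.encode("ascii")).decode("ascii"))
```

With this approach no account password is stored in the settings file; the token is short-lived and has to be refreshed by whatever code runs the OAuth 2 flow.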

vblackburn commented 8 years ago

This clarifies things, thanks.